SOLVED

Exporting Kaspersky logs to Azure Sentinel


Hi community,

I want to export Kaspersky logs to Azure Sentinel; for that I need the Azure Sentinel server address (IP) and the Azure Sentinel server port.

How would I find my Sentinel IP and port address?

[Image: kasper.png]

1 Reply
best response confirmed by rodtrent (Microsoft)
Solution

@zubairrahimsoc I have not actually used the data connector before; however, based on what the documentation is stating, it appears that you would need to set up a CEF server (using the instructions in the Azure Sentinel CEF Data Connector) and then use that server's IP address and the ingestion port (which I believe is 514). Then the CEF server can handle sending the data into Azure Sentinel.
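As an added example (not from this thread, and not Kaspersky's or Microsoft's code), the following Python helper builds a CEF message with the escaping the format requires, wraps it in RFC 3164 syslog framing, and sends it over UDP to the CEF collector's IP on port 514, plus a parser to check what the collector should receive. The Kaspersky vendor/product strings and the sample event are constructed, and UDP transport and the `ksc-host` hostname are assumptions.

```python
import re
import socket
from datetime import datetime, timezone

def _esc_header(s: str) -> str:
    # CEF header fields escape backslash and the pipe delimiter
    return s.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(s: str) -> str:
    # Extension values escape backslash and '='; newlines become a literal \n
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def build_cef(vendor, product, version, sig_id, name, severity, ext: dict) -> str:
    """Return a CEF:0 message: seven pipe-delimited header fields plus key=value extension."""
    header = "|".join(_esc_header(str(f)) for f in (vendor, product, version, sig_id, name, severity))
    extension = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

def syslog_line(cef: str, host: str, pri: int = 134) -> str:
    # RFC 3164 framing the collector expects: <PRI>TIMESTAMP HOST CEF:0|...
    # PRI 134 = facility local0 (16*8) + severity informational (6)
    ts = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {host} {cef}"

def parse_cef(cef: str) -> dict:
    """Split a CEF message back into header fields and an extension dict, honouring escapes."""
    parts, cur, i = [], [], 0
    while i < len(cef) and len(parts) < 7:
        c = cef[i]
        if c == "\\" and i + 1 < len(cef):      # escaped char: keep the next one literally
            cur.append(cef[i + 1]); i += 2
        elif c == "|":                           # unescaped pipe ends a header field
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(parts) != 7 or parts[0] != "CEF:0":
        raise ValueError("not a well-formed CEF:0 message")
    keys = ("vendor", "product", "version", "sig_id", "name", "severity")
    out = dict(zip(keys, parts[1:]))
    # key=value pairs; a value runs until the next ' key=' or the end of the string
    pairs = re.findall(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?= [A-Za-z0-9_.]+=|$)", cef[i:])
    out["ext"] = {k: re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), v)
                  for k, v in pairs}
    return out

def send_udp(line: str, collector_ip: str, port: int = 514) -> int:
    """Send one test line to the CEF collector over UDP; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), (collector_ip, port))
```

Events that make it through the collector land in Sentinel's CommonSecurityLog table, so querying there for the constructed signature id confirms the path end to end.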