how to connect varonis as a connector in sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-2073605%22%20slang%3D%22en-US%22%3Ehow%20to%20connect%20varonis%20as%20a%20connector%20in%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2073605%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20would%20like%20to%20know%20the%20process%20of%20how%20can%20we%20connect%20Varonis%20as%20a%20data%20connector%20in%20sentinel.%3C%2FP%3E%3CP%3EI%20understand%20that%20by%20reading%20this%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-the-connectors-grand-cef-syslog-direct-agent%2Fba-p%2F803891%22%20target%3D%22_blank%22%3EAzure%20Sentinel%3A%20The%20connectors%20grand%20(CEF%2C%20Syslog%2C%20Direct%2C%20Agent%2C%20Custom%20and%20more)%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%26nbsp%3B%2C%20we%20can%20connect%20Varonis%20through%20CEF%20connector.%20And%20I%20have%20read%20the%20instructions%20mentioned%20in%20the%20article(%3CA%20href%3D%22https%3A%2F%2Finfo.varonis.com%2Fhubfs%2Fdocs%2Fsplunk-app%2FVaronis-App-for-Splunk-User-Guide.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EVaronis%20DatAlert%20App%20and%20Technology%20Add-On%20for%20Splunk%C2%AE%3C%2FA%3E)%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20what%20I%20understood%2C%20can%20anyone%20correct%20me%20if%20any%3F%3C%2FP%3E%3COL%3E%3CLI%3Ein%20Datalert%20configuration(in%20varonis)%2C%20connect%20Syslog%20msg%20fwding%20by%20giving%20the%20Syslog%20server%20IP%20and%20port%20number.%3C%2FLI%3E%3CLI%3Ecreate%20an%20alert%20template%20with%20Syslog%20msg%20alert%20method.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E***by%20this%2C%20varonis%20alerts%2Fdata%20will%20be%20sent%20to%20Syslog%20server****%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B3.now%2C%20we%20can%20connect%20easily%20from%20the%20Syslog%20server%20to%20sentinel%20easily%20by%20executing%20a%20few%20commands%20which%20I'm%20aware%20of.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2078330%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20connect%20varonis%20as%20a%20connector%20in%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2078330%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F923986%22%20target%3D%22_blank%22%3E%40printscreen%3C%2FA%3E%26nbsp%3BYes%20correct%2C%20the%202%20points%20as%20mentioned%20by%20you%20will%20be%20sufficient%20to%20connect%20Varonis%20to%20Azure%20Sentinel%2C%20provided%20you%20have%20all%20the%20configurations%20in%20place%20on%20Syslog%20Server%20for%20CEF%20forwarding.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi, I would like to know the process of how can we connect Varonis as a data connector in sentinel.

I understand that by reading this article Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) - Microsoft Tech ... , we can connect Varonis through CEF connector. And I have read the instructions mentioned in the article(Varonis DatAlert App and Technology Add-On for Splunk®), 

 

This is what I understood, can anyone correct me if any?

  1. in Datalert configuration(in varonis), connect Syslog msg fwding by giving the Syslog server IP and port number.
  2. create an alert template with Syslog msg alert method.

***by this, varonis alerts/data will be sent to Syslog server****

 

     3.now, we can connect easily from the Syslog server to sentinel easily by executing a few commands which I'm aware of.

 

 

 

1 Reply

@printscreen Yes correct, the 2 points as mentioned by you will be sufficient to connect Varonis to Azure Sentinel, provided you have all the configurations in place on Syslog Server for CEF forwarding.