Feb 17 2020 01:13 AM
Hi,
Proxy logs benefit both Sentinel and Cloud App Security Cloud Discovery. What is the most sensible way of getting proxy log data into both with the least amount of moving parts? For example, Zscaler emits CEF, which can be consumed by Azure Log Forwarder into Sentinel, but then Cloud App Security cannot pick it up from Sentinel.
Mar 19 2020 09:24 AM
There are 3 methods to get Discovery deployed:
https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery
1. MDATP
2. Log Collector for firewalls such as Blue Coat and Palo Alto
3. Zscaler or iBoss
Could you provide more context around what you'd like to achieve?
Mar 19 2020 05:36 PM
Jan 18 2021 12:32 PM
@Banu Jafarli I would like to refresh this old conversation.
Is there a plan to combine MCAS and Sentinel (e.g. Log Analytics agent) collection agents? Streaming firewall logs from on-prem to cloud twice seems like a waste of effort.