cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Sentinel Side by Side with QRadar

Jesto001
Copper Contributor

‎Jun 16 2022 08:42 AM

‎Jun 16 2022 08:42 AM

Azure Sentinel Side by Side with QRadar

Hi,

quick question:

 

in the "Event Filter" on Qradar we add:

vendorInformation/provider eq 'Azure Sentinel'

to get Sentinel events but is it possible to include another azure instances such as Cloud App, Identity, etc?

I mean, like:

provider eq 'Azure Sentinel, MCAS, IPS'

 

thank you

1,288 Views
0 Likes
2 Replies
Reply
2 Replies
Rod_Trent

‎Jun 16 2022 09:17 AM

‎Jun 16 2022 09:17 AM

Re: Azure Sentinel Side by Side with QRadar

@Jesto001 A couple ways.

 

As a query example...

 

SecurityAlert
| where ProductName == "Microsoft Cloud App Security"

 

Using a filter in the UI (example in Incidents)...

 

prodname.png

0 Likes
Reply
Clive_Watson

‎Jun 17 2022 04:54 AM

‎Jun 17 2022 04:54 AM

Re: Azure Sentinel Side by Side with QRadar

also

SecurityAlert
| where ProductName in ("Microsoft Cloud App Security","product A","product B")
0 Likes
Reply