Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

IP addresses used by Sentinel

Copper Contributor

Does anyone have to hand the IP ranges that the MMA agent would use to forward logs to Sentinel? I presume it's workspace/region dependent...but I can't seem to find anything and we can't just allow unrestricted outbound traffic. 

2 Replies

@thekernel 

 

The MMA is owned by the Azure Monitor Team (as is "Log Analytics" a.k.a Azure Monitor Logs), so the docs are under their name not Azure Sentinel: https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses

Thanks

@CliveWatson @thekernel 

 

Wondering if this worked for the OP? I also need to find Sentinel IPs but the intent is for a TI vendor to whitelist connecting agents.