Linux and Untangle Support


Hello all,


We're conducting tests regarding Azure Sentinel's features and wanted to clarify some points.


  • Regarding Syslog for Linux devices, it seems that only 11 preconfigured analytic templates come pre-built with Sentinel. Is there a way to have more, in order to cover more of the possible issues / alerts such as Privilege Escalation, Logs cleared, Credential acquisition, port forwarding...?
  • If we want to monitor firewalls that do not have a connector pre-built in Sentinel, such as Untangle Firewall, what are the required steps to follow? Is there any parsing that needs to be done on one side?
1. There are a few extra Detections in the Github, and you can author your own; you can even post them back to the Github for others to use. 3rd party sites like SOC Prime and other Githubs have lots of examples.
2. How does Untangle log its data? If Syslog or CEF, you can use those connectors; if API, you may need to use a Playbook; if a file, the Customlog is an option. Example parsers for other products (and data connectors) are all in the Github.
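As an added illustration of what "using the Syslog connector" and "authoring your own detections" amount to in practice (this is example code, not from the thread, from Microsoft, or from Untangle): the block below parses classic BSD-style syslog lines into records whose field names mirror the columns of Sentinel's Syslog table (Computer, Facility, SeverityLevel, ProcessName, ProcessID, SyslogMessage), then runs two defender-side rules over them, one flagging sudo elevation to root (the "Privilege Escalation" coverage asked about) and one flagging the syslog daemon stopping (a precursor to a gap in the logs). The sample lines are constructed; the assumption that the device emits RFC 3164 syslog with a `<PRI>` prefix is stated in the comments, and a CEF feed would need a different parser.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in RFC 3164 form with a <PRI> prefix
# (assumption: the device ships classic BSD syslog, not CEF).
SAMPLE_LOG = """\
<85>Mar  9 10:14:01 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
<38>Mar  9 10:14:03 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51514 ssh2
<46>Mar  9 10:15:00 web01 rsyslogd: [origin software="rsyslogd"] exiting on signal 15.
<13>Mar  9 10:15:02 web01 cron[1313]: (root) CMD (run-parts /etc/cron.hourly)
"""

# RFC 3164 facility and severity names; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST PROC[PID]: MESSAGE  (PID is optional)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogRecord:
    """Field names mirror the Sentinel Syslog table so rules port to KQL easily."""
    EventTime: str
    Computer: str
    Facility: str
    SeverityLevel: str
    ProcessName: str
    ProcessID: Optional[int]
    SyslogMessage: str


def parse_line(line: str) -> Optional[SyslogRecord]:
    """Parse one syslog line; return None for lines that do not match (they
    should be counted, not dropped silently, so parser gaps are visible)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    facility, severity = divmod(pri, 8)
    if facility >= len(FACILITIES):
        return None
    return SyslogRecord(
        EventTime=m.group("ts"),
        Computer=m.group("host"),
        Facility=FACILITIES[facility],
        SeverityLevel=SEVERITIES[severity],
        ProcessName=m.group("proc"),
        ProcessID=int(m.group("pid")) if m.group("pid") else None,
        SyslogMessage=m.group("msg"),
    )


def parse_log(text: str) -> List[SyslogRecord]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


SUDO_RE = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def run_detections(records: List[SyslogRecord]) -> List[dict]:
    """Two illustrative rules a SOC might add beyond the built-in templates."""
    alerts = []
    for r in records:
        # Rule 1: sudo elevation to root (audit of privilege escalation paths).
        if r.ProcessName == "sudo":
            m = SUDO_RE.match(r.SyslogMessage)
            if m and m.group("target") == "root":
                alerts.append({"rule": "SudoToRoot", "Computer": r.Computer,
                               "user": m.group("user"), "command": m.group("cmd")})
        # Rule 2: syslog daemon stopping, which precedes any gap in the logs.
        if r.ProcessName == "rsyslogd" and "exiting" in r.SyslogMessage:
            alerts.append({"rule": "SyslogDaemonStopped", "Computer": r.Computer,
                           "detail": r.SyslogMessage})
    return alerts


if __name__ == "__main__":
    for alert in run_detections(parse_log(SAMPLE_LOG)):
        print(alert)
```

The rules deliberately key on ProcessName and a parsed message field rather than on free-text substring matches over the whole line; that is the same shape a Sentinel analytic rule takes (`Syslog | where ProcessName == "sudo" | parse SyslogMessage with ...`), so a rule prototyped against exported log samples ports to KQL with little change.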



Dear, thank you for your response!

  • For the first point, that's exactly what I'm searching for, in fact. If you know more websites or git repos that have query/rule examples covering many basic and advanced detections, please let me know.
  • For Untangle, yes, it's formatted in syslog.



1. Some places I use, in no particular order, and please do your own diligence as these are not Microsoft sites:

2. So please try the Syslog connector. Hopefully you won't need a parser for this data source.