Jan 13 2023 06:22 AM
Hi Community, need help in log ingestion and analytic use case creation for Sentinel for the devices below.

| Device | Vendor / Product |
| --- | --- |
| VPN Devices | Cisco FTD |
| WLC | Cisco |
| Email Logs (IronPort) | Cisco |
| Trend Micro XDR | Trend Micro Apex One / Cloud One |
| DLP Server | Forcepoint Endpoint |
| UpGuard Logs | UpGuard BreachSight |
Jan 13 2023 07:40 AM
Trend Apex One comes with Rules to try:
The Forcepoint DLP Solution in Sentinel doesn't have any Rules, but there is a Workbook, so I'd look at the queries it uses as a starting point: Azure-Sentinel/ForcepointDLP.json at ea0af641f3bd9aafea98d373e4346d1cbd5833c1 · Azure/Azure-Sentinel...
This is an area I'd love to see Microsoft and the vendors improve. I think the minimum requirement should be one Analytic Rule to get a Solution accepted into Sentinel (unless the data source supports a released ASIM parser).
For the others, I'd typically look for a similar product that has use cases and adapt those.
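As an added illustration of turning workbook-style queries into a scheduled analytic rule (this is not code from the thread, the Forcepoint solution, or its workbook), here is one shape such a rule could take. It assumes the DLP events arrive through the CEF connector into CommonSecurityLog, and that the DeviceVendor, DeviceProduct and DeviceAction values match what the workbook filters on; those are assumptions to verify against the solution's own queries before scheduling it.

```kql
// Added example, not from the thread or the Forcepoint solution.
// Goal: alert when one user account generates repeated blocked DLP incidents
// inside the rule's lookback window, which is the kind of per-entity
// aggregation a workbook chart hints at but a scheduled rule needs explicitly.
let lookback = 1h;      // match the rule's query period
let threshold = 5;      // assumed tuning value; raise or lower per environment
CommonSecurityLog
| where TimeGenerated > ago(lookback)
// Assumed filter values: confirm against the workbook's own queries.
| where DeviceVendor == "Forcepoint" and DeviceProduct == "Forcepoint DLP"
// Assumed label for blocked incidents; the CEF mapping decides the real string.
| where DeviceAction in~ ("Blocked", "Block")
| summarize IncidentCount = count(),
            Policies      = make_set(Activity, 10),
            Destinations  = make_set(DestinationHostName, 10),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
    by SourceUserName
| where IncidentCount >= threshold
// Expose the account as an entity so Sentinel can map it on the incident.
| extend AccountCustomEntity = SourceUserName
| project-reorder SourceUserName, IncidentCount, FirstSeen, LastSeen, Policies, Destinations
```

Run it once as a plain query over the ingested data to confirm the filter values and the threshold produce sensible results before saving it as an analytic rule.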