Sentinel Connectors - Flat files, ODBC, IBMi

Hi All,

I am considering rolling out Sentinel some time in the future and I am exploring what data types it can ingest. I am particularly looking for whether it can ingest, and how it can ingest, from:

- Flat file logs
- Can it connect to a database and ingest from it (ODBC)?
- How it could ingest from IBMi/iSeries

Thanks in advance for your input

4 Replies

@AzureHacki

1. Collect custom logs with Log Analytics agent in Azure Monitor - Azure Monitor | Microsoft Docs: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

For 2 and 3 you may need to use Logic Apps, as an example: Access data sources on premises - Azure Logic Apps | Microsoft Docs: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection

@AzureHacki :

  • For databases, in case your database is on-prem rather than a cloud service, I think that the best option would be Logstash. It might also be a good alternative for files.
  • For IBM, it seems that iSeries supports CEF (see here: https://developer.ibm.com/technologies/systems/articles/connecting-ibm-i-to-siem-systems/). Also, zSecure supports CEF as outlined in what's new for zSecure V2.3.0: https://www.ibm.com/support/knowledgecenter/en/SS2RWS_2.3.0/com.ibm.zsecure.doc_2.3.0/about_this_release/about_rel_whats_new.html
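As an added example (written for this page, not posted by any of the participants and not a Microsoft or Elastic sample), here is a Logstash pipeline of the kind the reply above points to: it tails a flat-file log and polls an on-prem database table incrementally, and ships both into a Log Analytics custom table that Sentinel can query. Host names, file paths, the table and column names, and the environment variables holding the workspace key and database password are assumptions; note that the Logstash jdbc input talks to the database through a JDBC driver, the JDBC counterpart of the ODBC connection asked about.

```logstash
# Added example: one Logstash pipeline feeding Sentinel from a flat file and an on-prem database.
# Secrets are read from environment variables via Logstash ${VAR} substitution so they never
# sit in the pipeline file. All host names, paths, table and column names are assumptions.
input {
  # Flat-file logs: tail the file and remember the read position across restarts (sincedb),
  # so a Logstash restart neither re-ingests the file nor skips lines written meanwhile.
  file {
    path => "/var/log/app/audit-*.log"
    start_position => "beginning"
    sincedb_path => "/var/lib/logstash/sincedb_app_audit"
    tags => ["flatfile"]
  }

  # Database: poll an audit table. :sql_last_value is the highest event_id seen on the
  # previous run (persisted in last_run_metadata_path), so each run fetches only new rows
  # instead of re-ingesting the whole table every minute.
  jdbc {
    jdbc_driver_library => "/opt/logstash/drivers/mssql-jdbc.jar"
    jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
    jdbc_connection_string => "jdbc:sqlserver://dbhost.example.internal:1433;databaseName=appaudit;encrypt=true"
    jdbc_user => "logstash_reader"          # read-only account: least privilege for the collector
    jdbc_password => "${DB_PASSWORD}"
    schedule => "* * * * *"                  # cron syntax: every minute
    statement => "SELECT event_id, event_time, user_name, action, outcome FROM dbo.audit_events WHERE event_id > :sql_last_value ORDER BY event_id"
    use_column_value => true
    tracking_column => "event_id"
    tracking_column_type => "numeric"
    last_run_metadata_path => "/var/lib/logstash/jdbc_last_run_appaudit"
    tags => ["database"]
  }
}

output {
  # Microsoft's Log Analytics output plugin; the table is created on first write and
  # appears in the workspace (and therefore in Sentinel) as OnPremAudit_CL.
  microsoft-logstash-output-azure-loganalytics {
    workspace_id => "${LA_WORKSPACE_ID}"
    workspace_key => "${LA_WORKSPACE_KEY}"
    custom_log_table_name => "OnPremAudit"
  }
}
```

Run it with the plugin installed (`logstash-plugin install microsoft-logstash-output-azure-loganalytics`) and the three environment variables set for the Logstash service account; the tags field lets a Sentinel query separate file-sourced from database-sourced rows in the same custom table.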

@CliveWatson Thanks for that, it will help answer some of the questions!

Thanks ofer_shezaf, that is helpful.