Azure Sentinel | Two new blogs!

Microsoft


Monitoring Zoom with Azure Sentinel

One of the great features of Azure Sentinel is its ability to ingest and analyze data from any source, not just from Microsoft products. In this blog we will show you how you can collect logs from Zoom, ingest them into Azure Sentinel, and how a SOC team can start to hunt in the logs to find potentially malicious activity.


Hunting Threats on Linux with Azure Sentinel
In this blog post, we will cover how to:

  • Install the OMS (Operations Management Suite) agent that Azure Sentinel will use to collect the syslog
  • Install the MSTIC-Research branch of AUOMS
  • Configure Azure Sentinel to collect the events
  • Build useful functions in Azure Sentinel to aid threat hunting
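The last step above, a reusable Sentinel function over the collected syslog, as an added example that is not code from the post or from the linked blog. It assumes the AUOMS-forwarded audit records land in the standard Sentinel `Syslog` table as auditd-style `type=SYSCALL msg=audit(...): key=value ...` lines; the linked blog's actual record format, and the function and column names used here, are assumptions. The parser is defined inline with `let`, which is the same body you would save under "Save as function" in Sentinel, and a short hunt for executions from world-writable directories follows it.

```kql
// Added example: hypothetical parser function for auditd-style records
// forwarded to the Sentinel Syslog table. Field layout is an assumption.
let AuditdSyscall = () {
    Syslog
    | where SyslogMessage has "type=SYSCALL"
    // Each extract() pulls one key=value pair; \b keeps "uid=" from
    // matching the tail of "auid=", "euid=" or "fsuid=".
    | extend AuditTs  = extract(@"msg=audit\(([0-9.]+):", 1, SyslogMessage),
             AuditId  = extract(@"msg=audit\([0-9.]+:(\d+)\)", 1, SyslogMessage),
             Syscall  = extract(@"\bsyscall=(\S+)", 1, SyslogMessage),
             Success  = extract(@"\bsuccess=(\w+)", 1, SyslogMessage),
             Pid      = toint(extract(@"\bpid=(\d+)", 1, SyslogMessage)),
             Ppid     = toint(extract(@"\bppid=(\d+)", 1, SyslogMessage)),
             Uid      = toint(extract(@"\buid=(\d+)", 1, SyslogMessage)),
             // auid is the login uid: it survives su/sudo, so it tells you
             // who actually logged in even when uid is 0.
             Auid     = toint(extract(@"\bauid=(\d+)", 1, SyslogMessage)),
             Comm     = extract(@"\bcomm=""?([^""\s]+)", 1, SyslogMessage),
             Exe      = extract(@"\bexe=""?([^""\s]+)", 1, SyslogMessage),
             AuditKey = extract(@"\bkey=""?([^""\s]+)", 1, SyslogMessage)
    | project TimeGenerated, Computer, HostIP, AuditTs, AuditId, Syscall,
              Success, Pid, Ppid, Uid, Auid, Comm, Exe, AuditKey
};
// Hunt: successful execve of binaries living in world-writable locations,
// grouped by host and login uid. "59" is execve on x86_64 when auditd
// logs the raw syscall number instead of the name.
AuditdSyscall()
| where Syscall in ("execve", "59") and Success == "yes"
| where Exe startswith "/tmp/" or Exe startswith "/var/tmp/" or Exe startswith "/dev/shm/"
| summarize Executions = count(),
            FirstSeen  = min(TimeGenerated),
            LastSeen   = max(TimeGenerated),
            Binaries   = make_set(Exe, 20)
          by Computer, Auid, Uid
| order by LastSeen desc
```

Saving the `let` body as a Sentinel function lets every hunting query and analytics rule reuse the same parsing, so a change in the record format is fixed in one place rather than in every rule that reads `SyslogMessage`.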


I hope that you will enjoy the read!
