User Profile
G_Singh_
Copper Contributor
Joined Dec 16, 2020
Recent Discussions
Log Ingestion Options
Log Ingestion Options

Hi, is anyone ingesting Fortinet Firewalls, ZScaler, and Cisco Meraki logs into Sentinel? All three data sources require a log forwarder (Linux Syslog). I might use the below flow as a scalable design:

Data Sources -> Load Balancer -> VMSS or Individual Forwarders (With AMA & RSyslog/syslog-ng Daemon) -> Sentinel workspace

As Meraki uses a different port ("22033" by default) and file ("meraki.conf"), while CEF (Fortinet and Zscaler), for example, uses TCP port 25226 or 25224 for forwarding traffic to the workspace, I need assistance on the below queries please:

- Which option would be the best and most cost-effective: VMSS-based log ingestion, or two separate forwarders (one for CEF and another for Meraki)?
- In the case of the based method, can we set it up to accommodate traffic from all three sources?
- How can we manage encryption from data sources -> Load Balancer?

Thanks

Normalize Billable Assets EASM

Hi, we're currently evaluating EASM and running a trial POC. We've used the default predefined attack surface template for our org. The billable asset count is quite high, and "Host: IP pairs" are contributing mostly, which are IPv6 addresses. Can we filter out all these IPv6 addresses, for example by changing their state from Approved to "Candidate" or "Dismissed"? The ultimate goal is to normalize the billable assets to get accurate cost estimates by filtering out IPv6 addresses.

Thanks