Connectors
49 Topics

Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more)
Want to connect a source system to Sentinel to send events? Even if it is not on the official source list, it is probably supported, and if not, a custom community solution is available. Here you can find information about it.
219K Views, 12 likes, 78 Comments

Azure Sentinel Agent: Collecting from servers and workstations, on-prem and in the cloud
Whether deployed in the cloud, as on-prem VMs or even as physical machines, servers and workstations are probably still the most significant attack surface and therefore the most common sources of events. In this post, you will learn how to collect events and additional telemetry from them.
67K Views, 6 likes, 2 Comments

Protecting your Teams with Azure Sentinel
Recent events have forced many organizations (including Microsoft) to move to a work from home model for their users. In order to ensure their users remain connected and productive they are turning to productivity tools such as Microsoft Teams to host meetings, allow teams to collaborate, and to help colleagues keep in touch. Moving to, or increasing usage of, Teams means that the service should be more of a focus for defenders than ever due to its critical role in communications and data sharing. In this blog we are going to focus on how we can collect Teams activity logs with Azure Sentinel, and start hunting for suspicious activity in that Teams data.
56K Views, 18 likes, 23 Comments

Monitoring Zoom with Azure Sentinel
In a recent blog we talked about the explosion in usage we had seen with Microsoft Teams as the world has moved to working from home. However, Microsoft Teams is not the only application to see such a surge; Zoom is another remote productivity tool that has seen a massive increase in users, with more than 200 million daily meeting participants being reported in March. Just as Security Operation Centers (SOCs) need to monitor Microsoft Teams activity, they also need to be able to secure and monitor other productivity applications such as Zoom. One of the great features of Azure Sentinel is its ability to ingest and analyze data from any source, not just from Microsoft products. In this blog I will show you how you can collect logs from Zoom, ingest them into Azure Sentinel, and how a SOC team can start to hunt in the logs to find potentially malicious activity.
36K Views, 7 likes, 8 Comments

Connectors configuration is missing
Hi, I've just added an RSS feed with the Microsoft RSS app in Teams in general channel. I want to delete this feed but I don't find the connectors configuration panel. There is no option connectors (see attached screenshot). I use Microsoft Teams free. Thanks
29K Views, 2 likes, 9 Comments

Unable to add connectors on any channel
Hello Team, We are unable to add/manage connectors on any channel. I am the owner of the Team and also I am unable to. Any help please?

Something went wrong. Login required RequestId: unknown Server: XYZ Date: 2021-11-22 11:19:51 +0100

It was working earlier, the only change we did is.. renamed the Team name. Since then it's not working.
1. I tried to clear cache
2. Checked the permissions from Team Settings -> Manage connectors was enabled
I don't know any other options, please help. Thanks and have a nice day! Bhargav
Solved, 26K Views, 3 likes, 42 Comments