Connectors
53 Topics

Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more)
Want to connect a source system to Sentinel to send events? Even if not on the official source list, this is probably supported, and if not, a custom community solution is available. Here you can find information about it.
223K Views | 12 likes | 78 Comments

Azure Sentinel Agent: Collecting from servers and workstations, on-prem and in the cloud
Whether deployed in the cloud, on-prem VMs or even physical machines, those are probably still the most significant attack surface and therefore the most common sources of events. In this post, you will learn how to collect events and additional telemetry from them.
70K Views | 6 likes | 2 Comments

Protecting your Teams with Azure Sentinel
Recent events have forced many organizations (including Microsoft) to move to a work from home model for their users. In order to ensure their users remain connected and productive they are turning to productivity tools such as Microsoft Teams to host meetings, allow teams to collaborate, and to help colleagues keep in touch. Moving to, or increasing usage of, Teams means that the service should be more of a focus for defenders than ever due to its critical role in communications and data sharing. In this blog we are going to focus on how we can collect Teams activity logs with Azure Sentinel, and start hunting for suspicious activity in that Teams data.
56K Views | 18 likes | 23 Comments

Monitoring Zoom with Azure Sentinel
In a recent blog we talked about the explosion in usage we had seen with Microsoft Teams as the world has moved to working from home. However, Microsoft Teams is not the only application to see such a surge; Zoom is another remote productivity tool that has seen a massive increase in users, with more than 200 million daily meeting participants being reported in March. Just as Security Operation Centers (SOCs) need to monitor Microsoft Teams activity, they also need to be able to secure and monitor other productivity applications such as Zoom. One of the great features of Azure Sentinel is its ability to ingest and analyze data from any source, not just from Microsoft products. In this blog I will show you how you can collect logs from Zoom, ingest them into Azure Sentinel, and how a SOC team can start to hunt in the logs to find potentially malicious activity.
37K Views | 7 likes | 8 Comments

Connectors configuration is missing
Hi, I've just added an RSS feed with the Microsoft RSS app in Teams in the General channel. I want to delete this feed but I don't find the connectors configuration panel. There is no connectors option (see attached screenshot). I use Microsoft Teams free. Thanks
29K Views | 2 likes | 9 Comments

Unable to add connectors on any channel
Hello Team, We are unable to add/manage connectors on any channel. I am the owner of the Team and I am also unable to. Any help please?

Something went wrong. Login required RequestId: unknown Server: XYZ Date: 2021-11-22 11:19:51 +0100

It was working earlier; the only change we made was that we renamed the Team. Since then it's not working.
1. I tried to clear the cache
2. Checked the permissions from Team Settings -> Manage connectors was enabled

I don't know any other options, please help. Thanks and have a nice day! Bhargav
Solved | 27K Views | 3 likes | 42 Comments