Migration
14 Topics

Can we deploy Bicep through Sentinel repo
Hi there, I'm new here, but 😅.... With the problem statement being "Deploying and managing Sentinel infrastructure through a git repository", I had looked into the Sentinel Repository feature, which is still in Preview, with the added limitations of not being able to deploy watchlists or custom log analytical functions (custom parsers). There is also a limitation of deploying only ARM content. My guess would be that the product folks at msft are working on this 😋

My hypothesized (just started the R&D, as of writing this) options would be to:

1. Fully go above and beyond with Bicep: create Bicep deployment files for both the rules as well as their dependencies like LAW functions, watchlists and the whole nine yards. Need to write pipelines for the deployment. The CI/CD would also need extra work to implement.
2. Hit that sweet spot: deploy the currently supported resources using Sentinel repo and write a pipeline to deploy the watchlists using Bicep. But not sure if this will be relevant to solutions for clients, when the whole shtick is that we are updating now so we don't have to later.
3. Go back to the dark ages: stick to the currently supported Sentinel content through ARM & repo, and deploy the watchlists and dependencies using the GUI 🙃

I will soon confirm the first two methods, but it may take some time. As you know, I may or may not be new to Sentinel... or DevOps... But wanted to kick off the conversation, to see how close to being utterly wrong I am. 😎

Thanks, mal_sec5

Migrate from MMA to AMA
Hello everyone, we're planning to migrate from MMA to AMA. As per our design, some servers in our environment have limited internet connectivity, so we installed the MMA and pointed it to the OMS gateway. We can download the MMA on an internet-connected machine and share the agent with the machine that has no internet. In the current AMA design, I need to install Azure Arc first. However, there is no Azure Arc agent like the MMA. Please provide me with the straightforward way to install Azure Arc and AMA on servers with no internet access.

Menlo and Archer integration with Microsoft Sentinel
We have two scenarios:

1- We want to integrate the Menlo Security tool with Microsoft Sentinel, and it looks like there isn't any built-in connector, or as a matter of fact no material out there.
2- We also want to integrate Sentinel with Archer (so Sentinel can send incident/alert data to Archer), a risk management tool with ticketing capability.

Could you guys please advise how this can be achieved? I know a custom connector build would be the answer, but has anyone achieved this already? Any tips or suggestions?

OMS-Agent Onboarding Error
We are trying to onboard an ApacheHTTP server to Sentinel using the OMS-Agent. After installation we ran the troubleshooter and got the following error:

ALL ERRORS/WARNINGS ENCOUNTERED: ERROR FOUND: file /etc/opt/microsoft/omsagent/conf/omsadmin.conf doesn't exist.

We tried with two different Linux versions: CentOS 7.2 and RHEL 7.9. The same problem is encountered. Any solution for that?

Error while deploying ApacheHTTP connector
Hello, deployment fails when trying to deploy ApacheHTTP from the content hub, with this error:

{
  "code": "DeploymentFailed",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
  "details": [
    {
      "code": "BadRequestException",
      "message": "Metadata already exists with the same parentId: azuresentinel.azure-sentinel-solution-apachehttpserver, correlationId:33021477-ebdd-4135-b5df-xxxxxxxxxx"
    }
  ]
}

Sentinel Issues and out of service sometimes
Hello, sometimes we have a problem with Sentinel data retrieval: no statistics are shown in the overview and the tabs are just loading, for example Logs, where the pages are just loading. It's not an internet issue, as we tested from different networks. For example yesterday, there were some analytics rules we were working on for testing; the KQL query used by that rule retrieves data in Logs, but when applied in the analytics rule there are no results, and it's delayed by up to 2h. Our LAW location is in West Europe. Is it a global issue?