Help Protect your Exchange Environment With Microsoft Sentinel
TL;DR; Sentinel + Exchange Servers or Exchange Online = better protected New Microsoft Sentinel security solution for Exchange Online and on premises servers : Microsoft Exchange Security! This content is very useful for any organization concerned about keeping the highest security posture as possible and be alerted in case of suspicious activities for those critical items.
Parsing syslog
1. i am ingesting firewall logs as syslog and trying to parse out the fields accordingly using the split command, i have a problem that the beginig of the logs is not piped and i have made the split in 2 occasions. as you can see in the attached pic the FWD|UDP|p4| fields are nit parsed out. this is the _raw syslog message: Security F180 Block: FWD|UDP|p4|192.168.x,x|67|00:15:5d:0f:c4:01|255.255.255.255|68|bootpc||LAN-2-INTERNET|4017|0.0.0.0|0.0.0.0|0|1| 2. can you show me the same using normal regex i cant see in MSFT doc how to do it the old way 🙂 3. should i do the parsing on search time of the query? doesnt it increase the search time?
What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!
The CrowdStrike Falcon Data replicator V2 Data connector is now available as a part of the CrowdStrike Falcon Endpoint Protection solution in Microsoft Sentinel Content Hub. The connector leverages an Azure Function – based backend to poll and ingest CrowdStrike Falcon Data Replicator logs at scale. Some of the advantages this new V2 data connector offers are:Microsoft Sentinel Support for Ingestion-Time Data Transformations
Log Analytics has recently announced two new features: ingestion time transformations and Data Collection Rules (DCR)-based custom logs. This is a huge milestone not only for Log Analytics, but also for Microsoft Sentinel, as it enables a wide range of scenarios like filtering, masking, enrichments, and parsing; allowing Sentinel's customers to optimize storage costs, improve their security analytics, and enjoy better performance and ease of use.
