integration
122 Topics

Help Ingesting PingID Logs into Microsoft Sentinel
Hello, Microsoft Sentinel has a Data Connector for PingFederate; however, this does not capture other PingIdentity products, namely PingID logs. Making this post asking if there are any ways to best implement ingesting PingID logs into Sentinel, as I am unable to find any documentation for PingIdentity or Sentinel that would assist me in coming up with a solution. Thank you for all comments and ideas.
21 Views, 0 likes, 1 Comment

Sentinel and Amazon Web Services S3 WAF
Hello, I'm using Sentinel to fetch AWS WAF logs using the new collector Amazon Web Services S3 WAF. I set up a first collection using the ARN role and SQS queue (Frankfurt region):
arn:aws:iam::XXXXXXXXX:role/OIDC_MicrosoftSentinel
https://sqs.eu-central-1.amazonaws.com/XXXXXXX/sqs-aws-cloudwatch-sentinel
I then added a new collection using the ARN role and SQS queue (Frankfurt region):
arn:aws:iam::XXXXXXXXX:role/OIDC_MicrosoftSentinel
https://sqs.eu-west-3.amazonaws.com/XXXXXXX/sqs-aws-cloudwatch-sentinel
Adding the second collection erases the first one!! Is it a bug?? Regards, HA
39 Views, 1 like, 1 Comment

Qualys Vulnerability Management integration with Function app
Hello, I have deployed Qualys VM with Sentinel via an Azure Function app. I am not getting any error; the function app is working fine. I am getting blank output. Furthermore, I have not added any filter parameter in the environment variables and don't have any idea what could be added here. Since the output is blank, the Qualys data connector is showing status disconnected. If anyone can help me out, please comment below. TIA
333 Views, 0 likes, 1 Comment

Palo Alto GlobalProtect Logs Missing Most Information
Hi all, I've integrated a Palo Alto firewall with MS Sentinel. For most log types (Traffic, Threat, System), everything is working fine. But for the GlobalProtect log type, it's missing almost all valuable values (no username, authentication status (failed or success), Portal Name, Gateway Name, etc.). I used the following URL to define the CEF format: https://github.com/pemontto/Palo-Alto-CEF/blob/master/10.0/globalprotect.txt PS: PAN-OS version 11.x. Any idea?? Regards, HA
Solved, 1.1K Views, 0 likes, 6 Comments

Can we deploy Bicep through Sentinel repo
Hi there, I'm new here, but ... With the problem statement being "Deploying and managing Sentinel infrastructure through a git repository", I had looked into the Sentinel Repository feature, which is still in Preview, with added limitations of not being able to deploy watchlists or custom Log Analytics functions (custom parsers). There is also a limitation of deploying only ARM content. My guess would be that the product folks at msft are working on this. My hypothesized (just started the R&D, as of writing this) options would be to:
1. Fully go above and beyond with Bicep: create Bicep deployment files for both the rules as well as their dependencies like LAW functions, watchlists and the whole nine yards. Need to write pipelines for the deployment. The CI/CD would also need extra work to implement.
2. Hit that sweet spot: deploy the currently supported resources using Sentinel repo and write a pipeline to deploy the watchlists using Bicep. But not sure if this will be relevant to solutions for clients, when the whole shtick is that we are updating now so we don't have to later.
3. Go back to the dark ages: stick to the currently supported Sentinel content through ARM & repo, and deploy the watchlists and dependencies using the GUI.
I will soon confirm the first two methods, but it may take some time. As you know, I may or may not be new to Sentinel... or DevOps... But I wanted to kick off the conversation, to see how close to being utterly wrong I am. Thanks, mal_sec
45 Views, 1 like, 0 Comments

Sentinel IP for WEST EUROPE
Hi. I have this issue where I have Sentinel and need the data connector set up for accessing GitHub. If my GitHub org has the IP allow list enabled, this does not work. So I need to find the IPs that the connector talks out from Azure / Sentinel with when hitting the GitHub service, so I can whitelist those. If I take the IP scopes for Sentinel, they are quite extensive, and it cannot be that I need to whitelist every single Azure Monitor/Sentinel IP just to get those that Sentinel uses to talk to an API, but how can I find the needed IPs? Or is there another way to get audit logs from GitHub when there are IP restrictions enabled on the GitHub organization (in a GitHub cloud enterprise setup)?
24 Views, 0 likes, 0 Comments

Microsoft Power BI connector for Microsoft Sentinel
Since the Microsoft Power BI connector for Microsoft Sentinel currently does not support data collection rules (DCRs), how can we transform or filter the data and monitor the logs? Is there any documentation available on this?
25 Views, 0 likes, 0 Comments

Help us plan our upcoming "Mastering API Integration with Sentinel and USOP" public webinar
Hello on behalf of the Microsoft SIEM & XDR Engineering organization! On December 5th, 2024, we will host a public webinar on how to effectively integrate APIs with Microsoft Sentinel and the Unified Security Platform. This session will cover when to use APIs, how to set them up, and potential challenges. We will present live demos to guide you through the process. To ensure this webinar is as engaging and relevant as possible for you, we'd love your input to help us create its agenda! Help us plan this webinar: Do you have any use cases you think we should feature? Or have you encountered any blockers that you'd like us to address? We're eager to find out what content matches your needs the most! Please answer this survey to help us with your input. It will remain open until October 31st, 2024. Take the survey here: https://forms.office.com/r/hrWtm34WFu Join the webinar on December 5th! In addition to helping us plan it, we hope to count on your participation. Register for this webinar at https://aka.ms/MasteringAPISentinelUSOPWebinar. Thank you for your contributions! Naomi Chistis and Jeremey Tan - Microsoft SIEM & XDR Team
315 Views, 1 like, 1 Comment

New Survey: Your Input for the Microsoft Sentinel Ecosystem
Survey Link: https://forms.office.com/r/Yy7WWFGyeD Solutions and integrations in the Microsoft Sentinel ecosystem, such as those available in Content Hub, are pivotal in bolstering the security coverage of organizations. As our customers increasingly integrate Microsoft Sentinel with Microsoft Defender XDR, by enabling our unified SOC platform, the importance of this ecosystem only increases. In this brief survey, we seek your suggestions on improving Microsoft Sentinel's ecosystem. Whether it's a feature request, an idea for a new solution, or an enhancement to an existing one, we welcome your feedback. Feel free to submit multiple responses if you have multiple suggestions. Your insights will help us prioritize features that matter most to you. Thank you for your contributions! The Microsoft SIEM & XDR Team. Microsoft respects your privacy. Review our online Privacy Statement here: https://privacy.microsoft.com/en-us/privacystatement
220 Views, 0 likes, 0 Comments

GCP IAM Connector
Hi, I've been trying to use the GCP IAM connector in Sentinel. I have enabled the Cloud Logging API, enabled the audit logs, and created a service account with the following roles:
- Cloud API Gateway Management Service Agent
- Cloud API Gateway Service Agent
- Logging Admin
- Monitoring Alert Policy Editor
- Monitoring Services Editor
- Private Logs Viewer
Created a key and downloaded the JSON. Installed the GCPIAM function with the required parameters but get a 403 error:
Exception while executing function: Functions.AzureFunctionGCPIAM ---> Microsoft.Azure.WebJobs.Script.Workers.Rpc.RpcException : Result: Failure Exception: Forbidden: 403 POST https://logging.googleapis.com/v2/entries:list?prettyPrint=false: The caller does not have permission
Has anyone else had this issue?
1.1K Views, 0 likes, 1 Comment