Apr 04 2020 06:57 PM
Hello,
We have a hybrid environment: VMs in Azure in various subscriptions, and the hub contains NVA from vendors as well as an LB. We also have NAT. The question is one of SNAT and log stitching, to follow the following scenarios:
I am trying to think of ways to achieve this. I can think of some, but no great one as yet. This cannot be a unique situation; any suggestions to consider, please?
Apr 12 2020 06:40 AM
Hi @cpm2710,
I think that Azure Sentinel, our SIEM product, might be your solution here. For information on how to collect events see here (it does not list all your sources, but is a start):
Then you need to "stitch", which in SIEM jargon we call correlate. For that, see these blog posts: