User Profile
Ofer_Shezaf
Microsoft
Joined 6 years ago
Recent Discussions
Everything Azure Sentinel connectors
Hi Everyone, I have finalized my blog series on ingesting data to Azure Sentinel and thought you might find a summary useful. Even if you don't find the event, or enrichment, source in one of the built-in connectors, there are good chances that Sentinel does support it, and if not, Sentinel has a broad array of tools to create custom connectors. Here are the relevant blog posts to guide you to find your connector or develop a custom one:
Using the agent to collect telemetry from on-prem and IaaS server
Collecting Azure PaaS services logs
The Syslog and CEF source configuration grand list
Creating Custom Connectors
~ Ofer
Azure Sentinel product updates
Changes and new features
Cases are now incidents: to better align with other Microsoft products, the term "cases" is changing to "incidents".
Incident comments: The comments feature enables customers to write multiple comments in the scope of an incident, and review them under the comments tab in the incident page.
We have removed the option for auto-deploying a CEF/Syslog connector VM. While a convenient function, we understood that it might present a security risk as this was not a managed VM, and users were in charge of securing the VM.
Blog posts
Azure Sentinel Agent: Collecting telemetry from on-prem and IaaS server
Azure Sentinel: The Syslog and CEF source configuration grand list
Collecting Azure PaaS services logs in Azure Sentinel
Other
Edoardo Gerosa and Olaf Hartong have presented at DefCon the "Sentinel ATT&CK", which aims to simplify rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. Cool stuff and tons of out of the box detections.
Sentinel meetup in London on the 29th
Hi Everyone, There is an Azure Sentinel meetup in central London on May 29th. The event is not affiliated with Microsoft, and I am sure it will be both educational and fun. Always great to meet people with similar interests. So if you are around and want to join or want to forward it to someone: https://www.meetup.com/UK-Cloud-Infrastructure-User-Group/events/261419301/
~ Ofer
Private preview for automated playbook activation on an alert
Hi Everyone, I am happy to announce that we have started a private preview for automated playbook activation. If you would like to fire up a playbook when an alert rule triggers, contact me to be included in the preview. Thanks
~ Ofer
Recent Blog Articles
Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more)
Want to connect a source system to Sentinel to send events? Even if not on the official source list, this is probably supported, and if not, a custom community solution is available. Here you can find...