Azure Sentinel Lab Series | 100 ways to get data into Azure Sentinel | EP4
Рет қаралды 7,828
Күн бұрынPowershell, Python, API, Logic Apps, ADX, Workbooks, and many more. I will go deep into every single way I know how to get data into Azure Sentinel. If you don't wanna learn it all, then just click on the timestamp 😋
00:00:00 - Begin
00:01:00 - How Azure Sentinel Data Connectors Work
00:10:05 - Available pre-built data connectors (98 connectors) - Now you know how I got 100 HAHA
00:10:30 - How to ingest Akamai data into Azure Sentinel
00:13:52 - Microsoft Data Connectors
00:14:52 - Deploy Proofpoint connector with deployment button
00:20:52 - Workbooks - Getting data into Sentinel Workbooks
00:21:24 - Workbooks - Getting data from the Azure Resource Graph
00:22:55 - Workbooks - Getting data from Azure Resource Manager API
00:23:45 - Workbooks - Getting data from Azure Data Explorer Cluster
00:24:24 - Workbooks - Making a custom static JSON for a workbook
00:26:35 - Workbooks - Using the workbook to query a custom URL API endpoint
00:31:25 - Cross Cluster query from Azure Sentinel to ADX
00:33:30 - Using PowerShell to send data to Azure Sentinel
00:43:00 - Using Python, C#, JavaScript to send logs to Azure Sentinel
00:44:24 - Storing data in Azure Data Explorer (ADX) for Azure Sentinel to query
00:51:15 - Using Logic Apps to send data to Azure Sentinel
Free public APIs
github.com/public-apis/public...
Powershell script to send logs to Azure Sentinel
docs.microsoft.com/en-us/azur...
Azure Sentinel Lab Series Playlist
• Azure Sentinel Lab Series
Become an Azure Sentinel Ninja: The complete level 400 training
techcommunity.microsoft.com/t...
It is not required, but please watch the KQL tutorial series prior to doing this lab.
• KQL Tutorial Series
Connect with me!
Twitter - / teachjing
LinkedIn - / teachjing
@rahul53403 2 жыл бұрын
Good one👍👍👍 awesome👏👏👏
@weekendvivasayi4308 3 жыл бұрын
Hi TeachJing. Your videos are nice. Thank you dude.
@uriel4292 2 жыл бұрын
Hi TeachJing, I learned a lot on your videos. I'm new to KQL and Sentinel. I have a question by the way. I work in a small company any we have M365 and Azure Identity Protection. I noticed that Sentinel will display duplicate alerts coming from Azure Identity Protection and M365. What could be the reason for that?
@TeachJing 2 жыл бұрын
Check if your actually receiving two events. If you are generating two alerts then you need to check if you are grouping similar alerts together so only one incident is generated. I’ll make a video they explains it next week that explains it in detail along with other things.
@darwingalao7019 3 жыл бұрын
hi TeachJing, nice tutorial! can you show next time how to integrate M365 alerts to Azure Sentinel. Thanks! keep up the good work!
@TeachJing 3 жыл бұрын
Most def. it’s almost done, you will like the next videos.
@darwingalao7019 3 жыл бұрын
@@TeachJing Wow that was a quick one! Will definitely watch that! Thank you.
@jaikisan3393 2 жыл бұрын
@@TeachJing "can you show next time how to integrate M365 alerts to Azure Sentinel."Is it done yet?
TeachJing
Рет қаралды 9 М.
TeachJing
Рет қаралды 7 М.
TeachJing
Рет қаралды 3,4 М.
TeachJing
Рет қаралды 34 М.
Microsoft Security Community
Рет қаралды 4,5 М.
Microsoft Security Community
Рет қаралды 7 М.