Azure Sentinel webinar: Data Collection Scenarios

Microsoft Security Community

#MicrosoftSentinel March 18, 2021, 11:00 AM ET / 8:00 AM PT (webinar recording date)
Presenter(s): Edi Lahav & Yaniv Shasha
Overview: In this webinar we will learn more about a variety of log collection methods, such as Logstash/CEF/WEF, and scenarios we often encounter, such as restricting permissions to tables, log filtering, collecting logs from AWS/GCP, O365 raw logs and more. We’ll also review some of the new features of Azure Monitor Agent (AMA).
To ensure you hear about future Microsoft Sentinel webinars and other developments, make sure you join our community by going to aka.ms/Securit...
The deck shared during the webinar can be accessed on aka.ms/Securit... below the recordings section.

Comments: 3

@Ruchikun (2 years ago)
[07:08] Data collection sources
[09:23] Common considerations & aspects
[10:42] Common scenarios and challenges
[16:00] Data collection scenarios
[17:38] Customer asks to filter logs
[17:42] Azure Monitor Agent & DCR
[19:38] Logstash
[22:03] Log filtering - Linux
[23:44] Logstash - tagging & enrichment
[25:28] Linux - agentless collection
[27:40] Servers are blocked from internet access - OMS gateway
[29:15] Customer asks to restrict access (Log Analytics RBAC)
[32:00] Logstash permissions - RBAC
[33:29] Demo - Logstash resource tagging
[36:25] Customer would like to split between ops and security logs
[39:00] Customer would like to collect custom logs (IIS, Apache)
[50:45] Customer would like to collect logs from AWS, GCP

@mainhunsas (3 years ago)
Fantastic session. Great work and improvements on the log collection and processing. Biggest ask: is there any way one could try a Sentinel environment without having an Azure subscription? Such as a demo or some pre-created environment?

@dlgross1 (3 years ago)
I was told that this will be added to the demos environment for MSFT Partners sometime this fall.