Data Connectors onboarding | Windows Security Events | Syslog (Linux)

10,629 views

WhiteEyeSecurity(TheRealTechnicalConfiguration)


After you onboard Microsoft Sentinel into your workspace, you can use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out-of-the-box connectors for Microsoft services, which you can integrate in real time. For example, the Microsoft 365 Defender connector is a service-to-service connector that integrates data from Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.
Data Connectors onboarding
Windows Security Events
Syslog For Linux
learn.microsof...
learn.microsof...

Comments: 24
@cianmclaughlin6375 10 months ago
Great video. Can you do a video on how this would be configured for on-premise also?
@jesuseduardofonsecahernand4374 24 days ago
Really appreciate the explanation of this video, thank you so much. Best regards
@anandsinghdhouni 1 month ago
Thanks for making such valuable content
@rawitez33 11 months ago
Hi bro, are you doing this playlist with free trial subscription or paid version, because I would not to see the Data connectors and incident of it. Btw thanks bro, clearly explained.
@whiteeyesecuritytherealtec6623 11 months ago
You need to add all the data connectors from Content Hub as a new process. Thanks.
@jesuseduardofonsecahernand4374 24 days ago
Subscribed ty.
@DaljeetSinghh 1 year ago
What a nice explanation. Understood the concept! Thanks for this awesome video. 👍
@whiteeyesecuritytherealtec6623 1 year ago
Glad it helped
@vishalrameshraodhatrak6008 7 months ago
Hi, I need your help to understand Defender for IoT integration (Linux Base) with Azure Sentinel. How may I contact you?
@VinayaROCKS 1 year ago
Nice video. What to do if we wish to connect on-prem Windows machines' events to AMA?
@whiteeyesecuritytherealtec6623 1 year ago
In the case of on-prem or other cloud machines, Azure Arc is the solution. Onboard the machines to Arc and then you can easily install the monitoring agent on them.
@VinayaROCKS 1 year ago
@whiteeyesecuritytherealtec6623 Thank you for the response. Can we forward the events to Azure? Is this possible?
@whiteeyesecuritytherealtec6623 1 year ago
@VinayaROCKS Yes, after Arc installation you can do most of the things like you do for Azure virtual machines.
@123ranaldo 1 year ago
I didn't have any VMs, so do I have to create one?
@whiteeyesecuritytherealtec6623 1 year ago
You don't need to if you don't have Windows machines.
@MsVaibhav18 1 year ago
How to onboard Windows workstations with Sentinel (non-Azure VM)?
@whiteeyesecuritytherealtec6623 1 year ago
Please use Azure Arc for the on-prem or other cloud virtual machines. azure.microsoft.com/en-in/products/azure-arc learn.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-azure-sentinel
@vinayrb8682 11 months ago
In the case of Windows security events, during the add resource section, what's the purpose of selecting the scope? If there are no Windows VMs in the scope part, what to select? The scope dialog box is showing empty, no machines to select scope.
@rawitez33 11 months ago
In my opinion, before selecting any VMs you need to have existing VMs on a virtual space.
@whiteeyesecuritytherealtec6623 10 months ago
Hello Vinay, if there are no Windows machines this will not impact anything. But once you create a Windows machine, and if you have a scope already selected, like a subscription, they will be onboarded to the Sentinel connector. That's the use of the DCR.
@karthikmathen1256 1 year ago
Awesome video. I would be interested to take training from you.
@whiteeyesecuritytherealtec6623 1 year ago
Hello Karthik, I hope you are well. Sorry, I do not provide personal training at the moment. That being said, you can always send me your queries through email and I will be happy to assist you. Thank you.
@tenzinnamgyel1588 9 months ago
great tut
@whiteeyesecuritytherealtec6623 9 months ago
Glad to hear that