By Dan Kobialka and Azure Security News
Microsoft has launched over 30 new out-of-the-box data connectors for its Azure Sentinel security information and event management (SIEM) platform. Azure Sentinel customers can use the connectors to access and analyze data from different products, the company said.
The new Azure Sentinel data connectors include:
- Cisco: Four Cisco connectors enable users to ingest data from Cisco Umbrella, Cisco Meraki, Cisco Firepower and Cisco UCS logs.
- NXLog: Two NXLog connectors deliver audit and analytical DNS server events and Linux security events to Azure Sentinel in real time.
- Salesforce Cloud: A Salesforce Cloud connector allows operational events to be ingested into Azure Sentinel.
- Akamai: An Akamai connector ingests security events generated by Akamai’s cloud computing platform into Azure Sentinel.
- Trend Micro: Two Trend Micro connectors ingest Trend Micro TippingPoint SMS IPS events and Trend Micro XDR workbench alerts.
The new data connectors also include a parser that transforms ingested data into an Azure Sentinel normalized format, Microsoft stated. This format correlates different types of data from different data sources to drive end-to-end outcomes in Azure Sentinel security monitoring, hunting, incident investigation and response scenarios.
In addition, Microsoft has introduced new workbooks and analytic rule templates for Azure Sentinel. These workbooks and analytic rule templates can help Azure Sentinel customers monitor data sources and identify cyber threats, the company noted.
Microsoft Upgrades Azure Sentinel-Microsoft 365 Defender Integration
Along with its new Azure Sentinel data connectors, Microsoft also enhanced its Azure Sentinel-Microsoft 365 Defender integration in March 2021.
Microsoft has fully integrated Microsoft 365 Defender incidents with Azure Sentinel, the company said. This ensures that security incidents from Microsoft 365 Defender automatically appear in the incident queue in Azure Sentinel and can be triaged and enriched with other data and insights.
Azure Sentinel is the first SIEM built into a public cloud platform, according to Microsoft. It offers a catalog of more than 100 built-in connectors for Microsoft 365, Azure and other clouds, endpoints, networks and users.