New Azure Sentinel connectors

By Azure Sentinel News Editor
November 30, 2020
in Threat Intelligence

Today, we are announcing over a dozen new connectors for leading security solutions that enable data collection and automation scenarios in Azure Sentinel. Customers have diverse environments with different security solutions. These connectors make it easy for customers to collect and analyze their security data from these different security solutions at cloud scale. New workbooks and analytic rule templates are also available to help you monitor these new data sources and detect threats immediately. Refer to the documentation for a complete list of data connectors and Azure Logic Apps custom connectors that you can leverage in Azure Sentinel.

VMware Carbon Black

Use the Carbon Black data connector to ingest Carbon Black events, audit logs and notifications in Azure Sentinel. There is a new workbook as illustrated below, and analytic rule templates on critical threats and malware detections to help you get started immediately.

VMware Carbon Black Workbook

Sophos XG Firewall

Collect Sophos XG Firewall logs using the Sophos data connector and the related workbook to monitor network traffic and firewall status. Furthermore, enable the port scan and excessive denied connections analytic rules to raise custom alerts on the ingested data and track them as incidents.

Okta SSO

Okta Single Sign-on audit and event logs can now be easily ingested using the Okta SSO data connector. Monitor user activity and authentication status using the workbook. Enhance your threat detection capability with analytics to track invalid user logins, geolocation logins and password spray attacks.
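As an added example, not taken from the original post or from Microsoft's connector content, the password spray analytic described above can be written as a KQL rule over the Okta SSO connector's data. The table name Okta_CL and the flattened column names (eventType_s, outcome_result_s, actor_alternateId_s, client_ipAddress_s) are assumptions about how the connector stores Okta's JSON events; confirm them against your workspace schema before enabling the rule.

```kql
// Assumed: the Okta SSO connector writes to custom table Okta_CL, with Okta's JSON
// flattened as eventType_s, outcome_result_s, actor_alternateId_s, client_ipAddress_s.
let lookback = 1h;
let user_threshold = 10;      // distinct accounts failing from one source IP
let login_events = Okta_CL
    | where TimeGenerated > ago(lookback)
    | where eventType_s == "user.session.start"
    | project TimeGenerated,
              UserName = tolower(actor_alternateId_s),
              SourceIP = client_ipAddress_s,
              Outcome = outcome_result_s;
// A spray looks different from brute force: one source IP, many accounts, few tries each.
let sprays = login_events
    | where Outcome == "FAILURE"
    | summarize FailedUsers = dcount(UserName),
                FailedAttempts = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                SampleUsers = make_set(UserName, 20)
        by SourceIP
    | where FailedUsers >= user_threshold;
// A success from the same IP after the failures started suggests the spray landed,
// so those incidents are escalated rather than treated as noise.
let later_successes = login_events
    | where Outcome == "SUCCESS"
    | summarize SucceededUsers = make_set(UserName, 20),
                FirstSuccess = min(TimeGenerated)
        by SourceIP;
sprays
| join kind=leftouter later_successes on SourceIP
| extend Severity = iff(isnotnull(FirstSuccess) and FirstSuccess > FirstFailure,
                        "High", "Medium")
| project SourceIP, FailedUsers, FailedAttempts, FirstFailure, LastFailure,
          SampleUsers, SucceededUsers, Severity
// Entity mapping for incident creation: the source IP is the pivot for investigation.
| extend IPCustomEntity = SourceIP, timestamp = LastFailure
```

Tune user_threshold and lookback to your tenant's normal failed-login baseline; a noisy proxy or NAT egress address will otherwise trigger this rule on ordinary typos.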

Symantec

Two new data connectors for Symantec enable you to ingest Symantec Proxy SG (Secure Gateway) and Symantec VIP logs. Use the new workbooks for these data sources to monitor their gateway and authentication logs. Out-of-the-box analytic rule templates for excessive failed authentications, suspicious URL access and denied client and proxy traffic can help with threat detection capabilities as well.

Qualys VM

Use the new Qualys VM data connector to ingest Qualys Vulnerability Management detections. There is a new workbook to monitor Qualys-reported vulnerabilities in Azure Sentinel, as illustrated below. Detections for new high-severity vulnerabilities and for a high volume of vulnerabilities can drive customized alert generation and incident management in Azure Sentinel.

Qualys VM Workbook

Vectra AI

Use the Vectra data connector to ingest detection analytics from Vectra and the related workbook to drill down into the behavioral analytics and create custom alerts. Refer to the Vectra AI announcement for detailed information.

Proofpoint TAP

Proofpoint Targeted Attack Protection (TAP) logs and events can now be ingested using the Proofpoint TAP data connector. Visualize the message and click logs and events data using the workbook. Use the analytics for malware attachment and malware links clicked for enhanced alerting and incident management.

Infoblox NIOS

Collect your Infoblox Network Identity Operating System (NIOS) logs using the Infoblox NIOS data connector. Drill down into the DHCP and DNS logs using the workbook. Detect threats using the DHCP starvation attack and excessive DNS domain query analytics.

RiskIQ

Tap into threat intelligence feeds from RiskIQ using the RiskIQ Azure Logic App connector in playbooks to enrich analytics, incidents and investigation experiences in Azure Sentinel, as illustrated below. Deploy one or more of the RiskIQ enrichment playbooks available on the Azure Sentinel GitHub repository to your Azure Sentinel workspace to get started now!

Risk IQ Playbook

Pulse Connect Secure

Ingest Pulse Connect Secure logs in Azure Sentinel using the Pulse Connect Secure data connector. Monitor your VPN device logs using the workbook. Use the high volume of failed logins and multiple failed VPN user logins analytics to generate custom alerts and manage as incidents.

Perimeter 81

Perimeter 81 activity logs can be ingested using the Perimeter 81 data connector. Use the Perimeter 81 overview workbook to monitor activities like login failure. Create custom alerts using the Perimeter 81 data in Azure Sentinel to detect threats.

Alcide kAudit

Identify anomalous Kubernetes behavior by ingesting the Alcide kAudit activity logs and detections using the Alcide data connector. Build your custom workbooks to monitor the data and create custom analytic rule templates to detect threats using this data.

Illusive Networks

The Illusive Attack Management System data connector enables you to ingest Illusive's attack surface analysis data and incident logs. You can view this data in dedicated dashboards that offer insight into your organization's attack surface risk (ASM workbook) and track unauthorized lateral movement in your organization's network (ADS workbook).

Orca Security

Ingest Orca Security alerts in Azure Sentinel using the Orca Security data connector. Build your custom workbooks to monitor the data and create custom analytic rule templates to detect threats using this data.

Eset

Ingest Eset Security Management Center firewall, threat and audit events using the Eset data connector. Use the workbook to monitor threats pertaining to users and hosts and the Eset SMC detections to get alerted on critical threats and sites blocked by Eset.

Closing

Try out the new connectors, workbooks, and analytics in Azure Sentinel, and let us know your feedback using any of the channels listed in the Resources.

You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-sentinel-connectors/ba-p/1535786

Tags: analytics, Azure Logic Apps, Azure Sentinels, Data Connectors, Playbooks, Workbook
Copyright © 2020 - Azure Sentinel News