What are Azure Sentinel Data Connectors?

Azure Sentinel (renamed Microsoft Sentinel in late 2021) is a cloud-native Security Information and Event Management (SIEM) solution that collects, stores, and analyzes security data from a wide range of sources. Data reaches it through data connectors: a connector is the integration that knows how to pull or receive one product's or service's logs and write them into the Log Analytics workspace behind Sentinel, and Sentinel ships with a large catalog of them.

Azure Sentinel data connectors fall into several categories:

  1. Microsoft connectors: These connectors enable you to collect data from Microsoft services such as Azure Activity Logs, Azure AD logs, Azure Firewall, and Microsoft 365.
  2. Azure partner connectors: Azure Sentinel has partnered with several security vendors to enable you to collect data from their solutions. These vendors include Check Point, Symantec, Palo Alto Networks, F5 Networks, and more.
  3. Industry-standard connectors: Azure Sentinel accepts plain Syslog and Common Event Format (CEF) over Syslog from any appliance that can emit them. Events are relayed through a Linux log forwarder running the Microsoft agent and land in the Syslog and CommonSecurityLog tables respectively.
  4. Custom connectors: for a source that exposes an API but has no built-in connector, you can build your own, for example an Azure Function or Logic App that polls the source and pushes JSON records into a custom (`_CL`) table through the workspace's data ingestion API, or a Logstash pipeline using the Sentinel output plugin.
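
The CEF connector above only works if the forwarded lines actually follow the CEF layout: a seven-field pipe-delimited header, then `key=value` extensions. The parser below is an added example (it is not Microsoft's code and not the connector's own parsing logic) that turns raw forwarder lines into the CommonSecurityLog-style columns Sentinel populates, so you can check a device's output before pointing it at the forwarder. The sample lines are constructed, and the extension-to-column mapping is an illustrative subset of the real table.

```python
import re
from typing import Dict, List, Optional, Tuple

# Illustrative subset of CEF extension keys and the CommonSecurityLog columns
# the Sentinel CEF connector maps them to (the real table has many more).
EXT_TO_COLUMN = {
    "src": "SourceIP",
    "dst": "DestinationIP",
    "spt": "SourcePort",
    "dpt": "DestinationPort",
    "act": "DeviceAction",
    "msg": "Message",
    "suser": "SourceUserName",
    "duser": "DestinationUserName",
}
HEADER_COLUMNS = ["CefVersion", "DeviceVendor", "DeviceProduct", "DeviceVersion",
                  "DeviceEventClassID", "Activity", "LogSeverity"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
# An extension key starts the line or follows whitespace and is immediately followed by '='
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the seven pipe-delimited header fields, honouring the \\| and \\\\ escapes.
    Returns (fields, extension_text)."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # escaped pipe or backslash
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) == 6:                          # severity with no trailing '|' (no extension)
        fields.append("".join(buf))
        i = len(body)
    if len(fields) != 7:
        raise ValueError("incomplete CEF header")
    return fields, body[i:]


def _unescape_ext(value: str) -> str:
    """Undo CEF extension escaping: \\= \\\\ \\n \\r."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' pairs; a value runs until the next key."""
    out: Dict[str, str] = {}
    keys = list(KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end])
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one forwarder line (optional syslog header + CEF record) into a
    CommonSecurityLog-style dict. Raises ValueError for lines that are not CEF."""
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF: marker")
    prefix = line[:pos].strip()
    fields, ext = _split_header(line[pos + 4:])
    event: Dict[str, object] = dict(zip(HEADER_COLUMNS, fields))

    # Syslog wrapper added by the device or forwarder: <PRI>timestamp host
    m = PRI_RE.match(prefix)
    if m:
        pri = int(m.group(1))
        event["SyslogFacility"], event["SyslogSeverity"] = pri >> 3, pri & 7
    event["Computer"] = prefix.split()[-1] if prefix else None

    for key, value in _parse_extension(ext).items():
        column = EXT_TO_COLUMN.get(key, key)
        if column in ("SourcePort", "DestinationPort") and value.isdigit():
            event[column] = int(value)
        else:
            event[column] = value
    return event


def parse_cef_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Parse a batch, skipping non-CEF lines the way the forwarder's rsyslog rule
    only relays lines carrying the 'CEF:' marker."""
    events = []
    for line in lines:
        try:
            events.append(parse_cef(line))
        except ValueError:
            continue
    return events


# Constructed sample lines, not real device output
SAMPLE_LINES = [
    "<134>Jan 12 10:14:27 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.1.0|THREAT|vulnerability|5|"
    "src=10.0.0.5 dst=203.0.113.9 spt=51234 dpt=443 act=alert msg=SQL injection in request\\=select",
    "CEF:0|Check Point|VPN-1 & FireWall-1|R81|Accept|Policy\\|Drop|3|src=192.168.1.20 dst=10.0.0.1 dpt=22 act=drop",
    "<34>Feb  3 08:00:00 host1 sshd[812]: Accepted publickey for ops from 10.0.0.7",
]

if __name__ == "__main__":
    for ev in parse_cef_lines(SAMPLE_LINES):
        print(ev["DeviceVendor"], ev["Activity"], ev.get("SourceIP"), "->",
              ev.get("DestinationIP"), ev.get("DestinationPort"))
```

The third sample line is ordinary syslog and is dropped: in a real deployment it would be collected by the Syslog connector into the Syslog table, not into CommonSecurityLog. Escapes matter in practice, since an unescaped `|` in the Name field shifts every later header field by one and silently corrupts Activity and LogSeverity for that event.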

What a connector needs at configuration time depends on its type. Microsoft connectors mostly need the right permissions on the source (workspace contributor plus, for tenant-level sources such as Microsoft 365, a tenant-level role) and a click to enable. Syslog and CEF connectors need the forwarder host, the listening protocol and port (UDP or TCP 514 by default) and the facilities to collect. API-based partner and custom connectors need the source's endpoint address and credentials such as an API key, and a target table name. You can also shape what is ingested: at the source, by filtering what the agent or your own code relays, and in the workspace, with ingestion-time transformations (KQL in a data collection rule) that drop noisy rows or columns before they are stored and billed.
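
As an added example of the custom-connector path, the block below builds a signed request to the workspace's HTTP Data Collector API, the endpoint Azure Sentinel custom connectors historically pushed JSON into (each `Log-Type` becomes a `<name>_CL` table). This is example code, not Microsoft's sample and not part of the original post; the endpoint, headers and HMAC-SHA256 `SharedKey` scheme are the documented ones, while the workspace ID, key, sample events and the severity threshold are constructed placeholders. Microsoft has since marked this API as legacy in favour of the DCR-based Logs Ingestion API, which authenticates with a Microsoft Entra token instead of a shared key, but the shape of a push connector is the same.

```python
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from email.utils import format_datetime
from typing import Dict, List, Optional, Tuple

# Constructed placeholders: a real workspace ID is a GUID and the shared key is the
# workspace's primary/secondary key (treat it like a password; it writes to every table).
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"demo-key-bytes-not-a-real-secret").decode()
LOG_TYPE = "MyVendorAlerts"      # records land in the MyVendorAlerts_CL table

# Constructed sample records, as if pulled from a hypothetical vendor API
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventTime": "2024-01-12T10:14:27Z", "Severity": 3, "Host": "web01", "Rule": "scan"},
    {"EventTime": "2024-01-12T10:14:31Z", "Severity": 7, "Host": "web01", "Rule": "sqli"},
    {"EventTime": "2024-01-12T10:15:02Z", "Severity": 9, "Host": "db01", "Rule": "cred-dump"},
]

# Log-Type may contain only letters, digits and underscores, at most 100 characters
LOG_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,100}$")


def filter_records(records: List[Dict[str, object]], min_severity: int) -> List[Dict[str, object]]:
    """Client-side filter (an assumed policy for this example): forward only events at
    or above min_severity so that noise never reaches the workspace and the bill."""
    return [r for r in records if int(r.get("Severity", 0)) >= min_severity]


def build_signature(workspace_id: str, shared_key: str, rfc1123_date: str,
                    content_length: int, method: str = "POST",
                    content_type: str = "application/json",
                    resource: str = "/api/logs") -> str:
    """HMAC-SHA256 'SharedKey' Authorization header as the Data Collector API defines it:
    the signed string is method, body length, content type, x-ms-date and resource path."""
    string_to_sign = f"{method}\n{content_length}\n{content_type}\nx-ms-date:{rfc1123_date}\n{resource}"
    key = base64.b64decode(shared_key)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id: str, shared_key: str, log_type: str,
                  records: List[Dict[str, object]], time_field: str = "EventTime",
                  date_header: Optional[str] = None) -> Tuple[str, Dict[str, str], bytes]:
    """Return (url, headers, body) for one POST; send it with any HTTP client."""
    if not LOG_TYPE_RE.match(log_type):
        raise ValueError("Log-Type may only contain letters, digits and underscores (max 100)")
    body = json.dumps(records).encode("utf-8")
    # The signature covers the exact byte length of the body and the exact date string sent
    date_header = date_header or format_datetime(datetime.now(timezone.utc), usegmt=True)
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, date_header, len(body)),
        "Log-Type": log_type,
        "x-ms-date": date_header,
        "time-generated-field": time_field,   # which JSON field becomes TimeGenerated
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(
        WORKSPACE_ID, SHARED_KEY, LOG_TYPE, filter_records(SAMPLE_EVENTS, 5))
    print(url)
    print({k: v for k, v in headers.items() if k != "Authorization"})
    print(body.decode())
    # To send for real: urllib.request.Request(url, data=body, headers=headers, method="POST")
```

Two practical points the code makes explicit: the signature binds the body length and the `x-ms-date` value, so a request replayed later or with an altered payload fails authentication, and the filtering happens before the POST, which is the only place a push connector can save ingestion cost. Filtering that must apply to built-in connectors belongs in a data collection rule transformation instead.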

Once connectors are enabled, events flow into workspace tables and are queryable with Kusto Query Language (KQL). Azure Sentinel layers its detection and response tooling on top of those tables: pre-built analytics rules that raise incidents, machine learning based anomaly detection and Fusion correlation across sources, hunting queries, and customizable dashboards and workbooks.

The following is a representative list of data connectors available in Azure Sentinel. It is not exhaustive: the catalog is much longer and grows with each release, and several Microsoft products in it have since been renamed (for example Azure Security Center is now Microsoft Defender for Cloud, Microsoft Defender ATP is now Microsoft Defender for Endpoint, and Microsoft Cloud App Security is now Microsoft Defender for Cloud Apps).

  1. Azure Active Directory (AAD) sign-in logs
  2. Azure Advanced Threat Protection (ATP)
  3. Azure Application Gateway
  4. Azure Container Registry
  5. Azure Container Instances
  6. Azure DNS
  7. Azure Firewall
  8. Azure Information Protection
  9. Azure Key Vault
  10. Azure Kubernetes Service (AKS)
  11. Azure Resource Manager (ARM) Activity logs
  12. Azure Security Center
  13. Azure Service Health
  14. Azure Storage
  15. Azure Virtual Machines (VMs)
  16. Azure Virtual Network (VNet) flow logs
  17. Azure Web Application Firewall (WAF)
  18. Cisco ASA
  19. Check Point Firewall
  20. CrowdStrike Falcon
  21. CyberArk Privileged Access Security Solution
  22. F5 BIG-IP
  23. IBM QRadar
  24. McAfee Endpoint Security
  25. Microsoft Cloud App Security
  26. Microsoft Defender Advanced Threat Protection (ATP)
  27. Microsoft Office 365
  28. Microsoft Threat Intelligence
  29. Microsoft 365 Defender
  30. Palo Alto Networks Firewall
  31. Proofpoint Email Protection
  32. Qualys Vulnerability Management
  33. SentinelOne Endpoint Protection
  34. Symantec Endpoint Protection
  35. Symantec Web Security Service (WSS)
  36. Tenable.sc
  37. Trend Micro Deep Security
  38. Zscaler Internet Access

In addition to these product connectors, Azure Sentinel accepts plain Syslog and Common Event Format (CEF) from any device that can send them, and lets you build custom connectors for sources that expose an API.

Author: tonyhughes