Using Azure Sentinel with Logstash 

AzureVlog

Aside from the Azure Sentinel connectors, you can also use Logstash to ingest data into your SIEM. In this video tutorial I'll explain and demonstrate how Azure Sentinel and Logstash work together.
▼ Installing Logstash on Ubuntu 18.04
devconnected.c...
▼ Log Analytics / Sentinel plugin for Logstash
github.com/Azu...
▼ Social Jeroen Niesen
Twitter: / jeroenniesen
▼ Social AzureVlog
Twitter: / azurevlog

Published: 27 Mar 2021

Comments: 16
@amaurisrodriguez9914 3 years ago
Great resources... keep it up!
@pasion11984 1 year ago
I'm going to test it today. Thanks.
@AzureVlog 1 year ago
Thank you! Did you succeed with your test?
@pasion11984 1 year ago
@AzureVlog yes :)
@kns6132 11 months ago
Great content. Thank you.
@user-gs2cr8tr9g 10 months ago
Can we ingest the data into the CEF table or the Syslog table?
@shyamaprasadbahinipati6375 2 years ago
Amazing
@human1822 1 year ago
Great job 👏
@powertechlearning 1 year ago
Hello Sir, this was a great and simple video for understanding how to forward logs to Microsoft Sentinel using the Microsoft Logstash Output Azure Log Analytics (legacy) plugin method. But now Microsoft Sentinel has added a new output plugin, "microsoft-sentinel-logstash-output-plugin", which seems not to be working. Could you please create the same video using the new output plugin and forward the logs to Sentinel via the DCR-based API? I would be grateful, as my project is pending because this plugin is not working. Thank you in advance. Cheers with coffee ☺
@Ruchikun 2 years ago
Hi Jeroen, great video. For me the music isn't needed, though ;) I find it very distracting at the moments when you're speaking. It could go entirely, or be a dB lower.
@spop1974 1 year ago
Nice job! Now that we have logs in the Sentinel instance, how are analytics rules applied? Are the built-ins applied, or do we have to create our own? Searching through the logs is fine, but having alerts/incidents is better :)
@AzureVlog 1 year ago
In most cases you have to create the rules yourself. There is, however, an option to normalise your data. If your data is normalised, some analytic rules can be applied. Read more about it here: learn.microsoft.com/en-us/azure/sentinel/normalization
@HassanBanna 3 years ago
I don't see any table name under the custom logs which I used in the Logstash output plugin.
@AzureVlog 3 years ago
Hi Hassan, it could be that you were a little bit too fast. It takes some time (ingestion time) before the results become visible in Azure Sentinel. Is the table still not visible? If so, is Logstash producing any errors?
@HassanBanna 3 years ago
@AzureVlog yeah, I got it. The problem was different in my case: I was reading a CSV in the input plugin and had used a backslash (\) in the "path". When I changed it to a forward slash (/), Logstash was able to read it correctly and processed it successfully.
@anhoek3806 2 years ago
Is this a promo for your coffee machine, or what? 2 minutes of irrelevant footage...