From the course: Implementing and Administering Microsoft Sentinel
Connecting external services
- [Instructor] In addition to Microsoft services, we can also connect external or third-party services to Microsoft Sentinel. And there are dozens of network and security hardware and software vendors that support integration with Sentinel. And here are just a few and I trust you see some names you recognize. And when it comes to Sentinel, many of these vendors have one important thing in common, and that is how Sentinel consumes their data. And generally speaking, Syslog is a very common go-to for your physical and virtual network appliances like Barracuda, Check Point, Cisco, Palo Alto, F5, and more. You're going to use an agent running on a Linux VM dedicated to capturing Syslog events for Sentinel and forwarding them on to your Microsoft Sentinel incidents. And there are two architecture options you have here, really. So in a perfect world, we might be collecting Syslog data from our devices on a Linux VM in Azure, as we have pictured here, sending our network traffic across our…