Announcing 15+ New Azure Sentinel Data Connectors

Posted on by No Comments ↓

Today, we are announcing over 15 new out-of-the-box data connectors for Azure Sentinel to enable data collection for leading products across different industries and clouds. With these new connectors, we are continuing the momentum to enable customers to easily bring data from different products into Azure Sentinel and analyze that data at cloud scale, giving them a broad view of their entire environment. These new data connectors come in addition to the newly announced Azure Sentinel Solutions which features a vibrant gallery of 32 solutions for Microsoft and other products.


 


Zscaler ZPA (Private Access)


The Zscaler Private Access (ZPA) data connector provides the capability to ingest Zscaler Private Access events into Azure Sentinel. Use the parser for Zscaler to build and correlate ZPA logs with other logs to enable rich alerting and investigation experiences.


 


Cognni


The Cognni data connector offers a quick and simple integration with Azure Sentinel. You can use Cognni to autonomously map your previously unclassified important information and detect related incidents. Use the new Workbook to easily visualize and recognize risks to your important information, understand the severity of the incidents, and investigate the details you need to remediate.


Nayef_Yassin_0-1621899094663.png


 


 


Cyberpion Security Logs


The Cyberpion Security Logs data connector ingests logs from the Cyberpion system directly into Sentinel. The data connector and its new Workbook allow users to visualize their data, create alerts and incidents and improve security investigations.


Nayef_Yassin_1-1621899094701.png


 


 


Darktrace


The AI by Darktrace data connector allows you to send your model breaches and AI Analyst Incidents (AIA) to Azure Sentinel, where this data can be explored interactively through the provided data visualizations in the associated AI Analyst Darktrace Workbook. This includes overview graphs with time-brushing for given timeframes, along with more detailed drill down functionality into specific breaches and incidents, where you can then view the breach back in the Darktrace UI for further exploration.


Nayef_Yassin_2-1621899094714.png


 


 


Forcepoint Cloud Security Gateway


The Forcepoint Cloud Security Gateway data connector allows you to automatically export CSG logs into Azure Sentinel. The data connector and its new Workbook allow users to visualize their data, understand threat protection measures, and improve security investigations.


Nayef_Yassin_3-1621899094725.png


 


 


Morphisec UTPP


Morphisec’s Data Connector provides users with visibility into many advanced threats including sophisticated fileless attacks, in-memory exploits, and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.


 


NXLog BSM MacOS


The NXLog BSM macOS data connector uses Sun’s Basic Security Module (BSM) Auditing API to read events directly from the kernel for capturing audit events on the macOS platform. This REST API connector can efficiently export macOS audit events to Azure Sentinel in real-time.


 


WatchGuard


The WatchGuard Firebox allows you to ingest firewall logs into Azure Sentinel. Use the parser for WatchGuard to build rich monitoring workbooks and alerting in Azure Sentinel.  


 


Apache Tomcat


The Apache Tomcat data connector provides the capability to ingest Apache Tomcat events (Access and Catalina logs) into Azure Sentinel. Use the parser for Apache Tomcat to build and correlate Tomcat logs with other logs to enable rich alerting and investigation experiences.


 


Atlassian


Two new data connectors for Atlassian enable you to ingest Jira and Confluence audit logs, respectively. Both data connectors leverage Azure Functions to ingest data from the Atlassian APIs and allow users to import their data in specific custom logs.


 


Exabeam User Behavior Analytics


The Exabeam Advanced Analytics data connector provides the capability to ingest Exabeam Advanced Analytics events such as system health, notable sessions, advanced analytics, and job status logs into Azure Sentinel. Use the parser for Exabeam to build rich monitoring workbooks and automations in Azure Sentinel.


 


NGINX HTTP Server


NGINX HTTP Server data connector provides the capability to ingest NGINX HTTP Server events (Access and Error logs) into Azure Sentinel. Use the parser for NGINX to build and correlate NGINX logs with other logs to enable rich alerting and investigation experiences.


 


Oracle WebLogic Server


OracleWebLogicServer data connector provides the capability to ingest OracleWebLogicServer events (Server and Access logs) into Azure Sentinel. Use the parser for Oracle to build and correlate WebLogic Server logs with other logs to enable rich alerting and investigation experiences.


 


OSSEC


OSSEC data connector provides the capability to ingest OSSEC alert events into Azure Sentinel. Use the parser for OSSEC to build and correlate OSSEC logs with other logs to enable rich alerting and investigation experiences.


 


SentinelOne


The SentinelOne data connector provides the capability to ingest common SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more events into Azure Sentinel through the REST API. Use the parser for SentinelOne to build and correlate SentinelOne logs with other logs to enable rich alerting and investigation experiences.


 


Workplace from Facebook


The Workplace data connector provides the capability to ingest common Workplace events into Azure Sentinel through Webhooks. Webhooks enable custom integration apps to subscribe to events in Workplace and receive updates in real time. When a change occurs in Workplace, an HTTPS POST request with event information is sent to a callback data connector URL. Use the parser for Workplace to build and correlate Workplace logs with other logs to enable rich alerting and investigation experiences.


 


Zoom


The Zoom Reports data connector provides the capability to ingest Zoom Reports events into Azure Sentinel through the REST API. Use the Zoom parser for Zoom to build rich monitoring workbooks and alerting in Azure Sentinel.


 


 


Closing


These data collection improvements are just one of several exciting announcements we’ve made for RSA. Learn more about other new Azure Sentinel innovations in our announcements blog.


Try out the new connectors, workbooks, and analytics in Azure Sentinel by starting a trial. Let us know your feedback using any of the channels listed in the Resources.


We also invite you to join the community to contribute your own new connectors, workbooks, analytics and more. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.


 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.