Microsoft Sentinel – Ingesting Windows Server Event Logs from Azure VMs
Ingesting Windows Server event logs into Microsoft Sentinel involves creating a Data Collection Rule for Azure VMs. Subsequent articles will cover on-premises methods.
Ingesting Windows Server event logs into Microsoft Sentinel involves creating a Data Collection Rule for Azure VMs. Subsequent articles will cover on-premises methods.
Want more reporting in Microsoft Sentinel? Look no further, this guide will show you the steps to use PowerBI with Microsoft Sentinel.
There are many things to consider when implementing Microsoft Sentinel, such as: defining objectives, assessing environments, designing architecture, managing user access, and ensuring continuous improvement.
Whats happening in the market so far in regards to SIEM? How has XDR, Zero Trust and AI impacted the SIEM Market?
SIEM technology began in the 1990s to centralise logs, evolved to real-time event analysis, and now uses machine learning for proactive threat detection.
Microsoft Sentinel requires understanding SIEM concepts and terminology including SOC, SOAR, parsing, syslog, CEF, LEEF, CTI, TAXII, and STIX. Future posts will explore these further.