You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/connect-logstash-data-connection-rules.md
+24Lines changed: 24 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -392,6 +392,7 @@ After you retrieve the required values:
392
392
393
393
|Field |Description |Default value |
394
394
|---------|---------|---------|
395
+
|`azure_cloud`|Used to specify the name of the Azure cloud that is being used, Available values are: `AzureCloud`, `AzureChinaCloud`, and `AzureUSGovernment`. |`AzureCloud`|
395
396
|`key_names`|An array of strings. Provide this field if you want to send a subset of the columns to Log Analytics. |None (field is empty) |
396
397
|`plugin_flush_interval`|Defines the maximal time difference (in seconds) between sending two messages to Log Analytics. |`5`|
397
398
|`retransmission_time`|Sets the amount of time in seconds for retransmitting messages once sending failed. |`10`|
@@ -444,6 +445,29 @@ To monitor the connectivity and activity of the Microsoft Sentinel output plugin
444
445
445
446
If you are not seeing any data in this log file, generate and send some events locally (through the input and filter plugins) to make sure the output plugin is receiving data. Microsoft Sentinel will support only issues relating to the output plugin.
446
447
448
+
449
+
### Network security
450
+
Define network settings and enable network isolation for Microsoft Sentinel Logstash output plugin.
451
+
452
+
#### Virtual network service tags
453
+
454
+
Microsoft Sentinel output plugin supports [Azure virtual network service tags](/azure/virtual-network/service-tags-overview). Both *AzureMonitor* and *AzureActiveDirectory* tags are required.
455
+
456
+
Azure Virtual Network service tags can be used to define network access controls on [network security groups](/azure/virtual-network/network-security-groups-overview#security-rules), [Azure Firewall](/azure/firewall/service-tags), and user-defined routes. Use service tags in place of specific IP addresses when you create security rules and routes. For scenarios where Azure Virtual Network service tags cannot be used, the firewall requirements are given below.
457
+
458
+
#### Firewall requirements
459
+
460
+
The following table lists the firewall requirements for scenarios where Azure virtual network service tags can't be used.
| Azure Government |https://login.microsoftonline.us|Authorization server (the Microsoft identity platform)|Port 443 |Outbound|Yes |
467
+
| Azure Government |Replace '.com' above with '.us' | Data collection Endpoint|Port 443 |Outbound|Yes |
468
+
| Microsoft Azure operated by 21Vianet |https://login.chinacloudapi.cn|Authorization server (the Microsoft identity platform)|Port 443 |Outbound|Yes |
469
+
| Microsoft Azure operated by 21Vianet |Replace '.com' above with '.cn' | Data collection Endpoint|Port 443 |Outbound|Yes |
470
+
447
471
## Limitations
448
472
449
473
- Ingestion into standard tables is limited only to [standard tables supported for custom logs ingestion](data-transformation.md#data-transformation-support-for-custom-data-connectors).
0 commit comments