File changed: unified-secops-platform/overview-plan.md (5 additions & 24 deletions)
@@ -94,30 +94,11 @@ For more information, see [Prioritize data connectors](/azure/sentinel/prioritiz
For example, you might want to use any of the following recommended data sources:
-
-**Azure services**: If any of the following services are deployed in Azure, use the following connectors to send these resources' Diagnostic Logs to Microsoft Sentinel:
-
-
-**Azure Firewall**
-
-**Azure Application Gateway**
-
-**Keyvault**
-
-**Azure Kubernetes Service**
-
-**Azure SQL**
-
-**Network Security Groups**
-
-**Azure-Arc Servers**
-
-
We recommend that you set up Azure Policy to require that their logs be forwarded to the underlying Log Analytics workspace. For more information, see [Create diagnostic settings at scale using Azure Policy](/azure/azure-monitor/essentials/diagnostic-settings-policy)..
-
-
-**Virtual machines**: For virtual machines hosted on-premises or in other clouds that require their logs collected, use the following data connectors:
-
-
-**Windows Security Events using AMA**
-
- Events via **Defender for Endpoint** (for server)
-
-**Syslog**
-
-
-**Network virtual appliances / on-premises sources**: For network virtual appliances or other on-premises sources that generate Common Event Format (CEF) or SYSLOG logs, use the following data connectors:
-
-
-**Syslog via AMA**
-
-**Common Event Format (CEF) via AMA**
-
-
For more information, see [Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](/azure/sentinel/connect-cef-syslog-ama?branch=main&tabs=single%2Ccef%2Cportal).
+
|Scenario |Data sources |
+
|---------|---------|
+
|**Azure services**| If any of the following services are deployed in Azure, use the following connectors to send these resources' Diagnostic Logs to Microsoft Sentinel: <br><br> - **Azure Firewall** <br>- **Azure Application Gateway** <br>- **Keyvault**<br> - **Azure Kubernetes Service**<br> - **Azure SQL**<br>- **Network Security Groups**<br> - **Azure-Arc Servers** <br><br>We recommend that you set up Azure Policy to require that their logs be forwarded to the underlying Log Analytics workspace. For more on information, see [Create diagnostic settings at scale using Azure Policy](/azure/azure-monitor/essentials/diagnostic-settings-policy). |
+
|**Virtual machines**| For virtual machines hosted on-premises or in other clouds that require their logs collected, use the following data connectors: <br><br> - **Windows Security Events using AMA**<br> - Events via **Defender for Endpoint** (for server)<br>- **Syslog**|
+
|**Network virtual appliances / on-premises sources**| For network virtual appliances or other on-premises sources that generate Common Event Format (CEF) or SYSLOG logs, use the following data connectors: <br><br>- **Syslog via AMA** <br>- **Common Event Format (CEF) via AMA** <br><br> For more information, see [Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](/azure/sentinel/connect-cef-syslog-ama?branch=main&tabs=single%2Ccef%2Cportal). |
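Review bot: the **Azure services** row of the new table introduces a typo, "For more on information, see" should read "For more information, see" (the removed text fixed here had the opposite slip, a doubled period after the policy link, so the rewrite trades one for the other). Two smaller points in the same rows: the Syslog/CEF link in the **Network virtual appliances** row still carries the preview query string `?branch=main&tabs=single%2Ccef%2Cportal`, which is a branch-preview leftover and should be trimmed to `/azure/sentinel/connect-cef-syslog-ama` (keeping only the `tabs` parameter if it is wanted) before this ships; and the product names "Keyvault", "Azure-Arc Servers" and "SYSLOG" are carried over unchanged, where the docs style would be "Key Vault", "Azure Arc-enabled servers" and "Syslog". The `<br>`-separated bullets inside the table cells render fine on the docs site, so the restructuring into a scenario table is otherwise sound.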