This article is contributed. See the original author and article here.
This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.
Azure Sentinel supports a set of standard patterns for ingesting data at scale. Customers are able to easily onboard data sources via an extensive gallery of connectors and data collection technologies. Data is the foundation for Azure Sentinel. To increase our set of data sources, we are delighted to announce that the Azure Firewall data connector is now public preview!
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability.
You can connect Azure Firewall logs to Azure Sentinel, enabling you to view log data in workbooks, use it to create custom analytics,, and incorporate it to improve your investigation/hunting activities.
Learn more about monitoring Azure Firewall logs.
How to enable:
- From the Azure Sentinel navigation menu, select Data connectors.
2. Select Azure Firewall from the data connectors gallery, and then select Open Connector Page on the preview pane.
Enable Diagnostic logs on all the firewalls whose logs you wish to connect:
3. Select the Open Azure Firewall resource > link.
4. From the Firewalls navigation menu, select Diagnostic settings.
5. Select + Add diagnostic setting at the bottom of the list.
Get Started Today!
Try out the new connector and let us know your feedback using any of the channels listed in the Resources.
You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.