azure:azure_sentinel

Differences

This shows you the differences between two versions of the page.

azure:azure_sentinel [2021/09/20 14:18] mmuzeazure:azure_sentinel [2023/06/14 21:40] (current) – [To Explore] mmuze
Line 1: Line 1:
 ====== Azure Sentinel ====== ====== Azure Sentinel ======
 +
 +====== Quick-n-Dirty ======
 +  * Azure Monitor Agent (AMA), collects monitoring data from VMs and sends it to Azure Monitor
 +
 +
 +  * For non-Azure VMs to be integrated with Sentinel they need to be have the [[https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview|Azure Arc]] agent installed, which makes them //Arc-enabled//.
 +  * Azure Arc agent is also called the //Azure Connected Machine agent//.
 +      * This agent does not replace the //Azure Log Analytics agent//, it works in conjunction with it.
 +      * How does it relate to the //Azure Monitoring Agent//?
 +  * [[https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview]]
 +
  
 ====== To Explore ====== ====== To Explore ======
   * [[https://www.infusedinnovations.com/blog/intelligent-cloud/step-by-step-guide-to-deploy-azure-sentinel]]   * [[https://www.infusedinnovations.com/blog/intelligent-cloud/step-by-step-guide-to-deploy-azure-sentinel]]
   * [[https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-agent-collecting-from-servers-and-workstations-on/ba-p/811760]]   * [[https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-agent-collecting-from-servers-and-workstations-on/ba-p/811760]]
 +  * [[https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-the-connectors-grand-cef-syslog-direct-agent/ba-p/803891]]
 +  * [[https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector]]
  
  
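Review bot: the added Quick-n-Dirty bullet on non-Azure VMs has a wording slip, "they need to be have the Azure Arc agent installed"; it should read "they need to have". The same block names the agent "Azure Monitor Agent (AMA)" in its first bullet but "Azure Monitoring Agent" in the sub-bullet question, so pick one name to make clear both bullets mean the same component. The question "How does it relate to the Azure Monitoring Agent?" is left unanswered under the Arc agent notes; either answer it there or move it to the To Explore list so the section only states settled facts. The bare agent-overview link at the end of that list would also read better with a label, as the Azure Arc link above it has.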
  • azure/azure_sentinel.1632147492.txt.gz
  • Last modified: 2021/09/20 14:18
  • by mmuze