Log Forwarding - Microsoft Sentinel¶
Overview¶
Microsoft Sentinel is a powerful SIEM that is used by many companies. Valtix supports Log Forwarding to Microsoft Sentinel to send Security Events and Traffic Log information for processing, storage, access and correlation. The information sent is in a semi-structured JSON format where the attribute-value pairs can be accessed and processed.
Requirements¶
In order to forward logs to Microsoft Sentinel, the following information is required:
- Create an Azure Log Analytics Workspace
- Define an Azure Log Table
Profile Parameters¶
| Parameter | Deonticity | Default | Description |
|---|---|---|---|
| Profile Name | Required | A unique name to use to reference the Profile | |
| Description | Optional | A description for the Profile | |
| Destination | Required | Microsoft Sentinel | The SIEM used for the Profile |
| Azure Log Analytics Workspace ID | Required | The ID of the Azure Log Analytics Workspace | |
| Shared Key | Required | The Shared Key used to authenticate the communication | |
| Azure Log Table Name | Required | Name of the Azure Log Table where the logs/events will be stored |