Edit

Juniper IDP connector for Microsoft Sentinel

  • Article

The Juniper IDP data connector provides the capability to ingest Juniper IDP events into Microsoft Sentinel.

Connector attributes

Connector attribute Description
Log Analytics table(s) JuniperIDP_CL
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Query samples

Top 10 Clients (Source IP)

JuniperIDP

| summarize count() by SrcIpAddr

| top 10 by count_

Vendor installation instructions

Note

This data connector depends on a parser based on Kusto Function to work as expected JuniperIDP which is deployed with the Microsoft Sentinel Solution.

Note

IDP OS 5.1 and above is supported by this data connector.

  1. Install and onboard the agent for Linux or Windows

Install the agent on the Server.

  1. Configure the logs to be collected

Follow the configuration steps below to get Juniper IDP logs into Microsoft Sentinel. This configuration enriches events generated by Juniper IDP module to provide visibility on log source information for Juniper IDP logs. Refer to the Azure Monitor Documentation for more details on these steps.

  1. Download config file juniper_idp.conf.

  2. Login to the server where you have installed Azure Log Analytics agent.

  3. Copy juniper_idp.conf to the /etc/opt/microsoft/omsagent/workspace_id/conf/omsagent.d/ folder.

  4. Edit juniper_idp.conf as follows:

    i. change the listen port for receiving logs based on your configuration (line 3)

    ii. replace workspace_id with real value of your Workspace ID (lines 58,59,60,63)

  5. Save changes and restart the Azure Log Analytics agent for Linux service with the following command: sudo /opt/microsoft/omsagent/bin/service_control restart

  6. To configure a remote syslog destination, please reference the SRX Getting Started - Configure System Logging.

Next steps

For more information, go to the related solution in the Azure Marketplace.