Azure Sentinel and Security Onion

Arharbi, Adnane 136 Reputation points
2022-12-30T20:35:33.737+00:00

How can we use Azure Sentinel and Security Onion together to enhance an organization's security posture and detect and respond to security threats more effectively?


Accepted answer
    David Broggy 6,286 Reputation points MVP Volunteer Moderator
    2022-12-30T21:00:55.12+00:00

    Hi ArharbiAdnane,

    Security Onion supports syslog, so you would pull it into Sentinel like any other syslog source via the OMS agent installed on a Linux server.

    You can then parse it directly with KQL queries to pull out the fields of interest.

    Reference:
    syslog-output.html

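A worked example of the second step in the accepted answer, parsing Security Onion alerts out of the Sentinel Syslog table with KQL. This is an added illustration, not code from the answer or from either product; it assumes the Security Onion syslog output places each alert as a JSON document (Suricata EVE field names: event_type, alert.signature, src_ip, dest_ip, ...) inside SyslogMessage, and `so-manager.example.local` is a placeholder for your Security Onion sender.

```kql
// Added example: extract Security Onion (Suricata-style) alerts forwarded over syslog.
// Assumption: the JSON alert sits somewhere inside SyslogMessage, possibly after a
// plain-text prefix; adjust the regex and field names to what your instance sends.
let so_hosts = dynamic(["so-manager.example.local"]);   // placeholder sender host(s)
Syslog
| where TimeGenerated > ago(24h)
| where Computer in (so_hosts)
// Pull the JSON body out of the syslog payload
| extend raw = extract(@"(\{.*\})", 1, SyslogMessage)
| where isnotempty(raw)
| extend ev = parse_json(raw)
| where tostring(ev.event_type) == "alert"
| extend Signature     = tostring(ev.alert.signature),
         SignatureId   = toint(ev.alert.signature_id),
         Category      = tostring(ev.alert.category),
         AlertSeverity = toint(ev.alert.severity),     // Suricata: 1 is the highest severity
         SrcIp = tostring(ev.src_ip),  SrcPort = toint(ev.src_port),
         DstIp = tostring(ev.dest_ip), DstPort = toint(ev.dest_port),
         Proto = tostring(ev.proto)
// Keep only high-severity signatures and roll them up per target for triage
| where AlertSeverity <= 2
| summarize Count = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Sources   = make_set(SrcIp, 20)
    by Signature, SignatureId, Category, DstIp, DstPort, Proto
| order by Count desc
```

Once the fields are extracted this way, the same query body can be saved as a scheduled analytics rule so that each high-severity Security Onion signature becomes a Sentinel incident.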
