Azure Sentinel and NTP Server

Tanguy NGUYEN 6 Reputation points
2020-12-09T14:28:07.763+00:00

Hi,

I have a general question regarding Azure Sentinel and its integration/usage of NTP server for time source synchronization. Do you implement a vote system to ensure accuracy and integrity of the NTP source since NTP is not an authenticated protocol, stateless?
What are the security measures put in place by Microsoft to ensure a reliable NTP? Also in the context of Third-Party using a SaaS model into Azure how can they provide audit trails as such? Especially if they are using some Salesforce application on Azure for instance?
Thank you for your answer.

Best Regards –Tanguy

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,132 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,186 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
971 questions
{count} vote

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,361 Reputation points Microsoft Employee
    2020-12-11T21:39:03.29+00:00

    @Tanguy NGUYEN
    Thank you for your time and patience throughout this issue! I received a response from our Azure Sentinel team and for question 4, when it comes to Salesforce, the only thing we have currently is a connector that allows us to get the logs from Salesforce into Sentinel.

    Questions:

    1. Do you implement a vote system to ensure accuracy and integrity of the NTP source since NTP is not an authenticated protocol, stateless?
    2. What are the security measures put in place by Microsoft to ensure a reliable NTP?
    3. Also in the context of Third-Party using a SaaS model into Azure how can they provide audit trails as such?
    4. Especially if they are using some Salesforce application on Azure for instance?

    In regards to your questions on #1-3, I've added the Virtual Networking tag to this thread so our networking team can take a look into this issue regarding NTP.

    If you'd like, you can reach out to our Azure Sentinel team via email (AzureSentinel@microsoft.com) or by their GitHub Community pages.

    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments