Редагувати

Поділитися через


Perimeter 81 Activity Logs connector for Microsoft Sentinel

The Perimeter 81 Activity Logs connector allows you to easily connect your Perimeter 81 activity logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) Perimeter81_CL
Data collection rules support Not currently supported
Supported by Perimeter 81

Query samples

User login failures

Perimeter81_CL 
| where eventName_s == "api.activity.login.fail"

Application authorization failures

Perimeter81_CL 
| where eventName_s == "api.activity.application.auth.fail"

Application session start

Perimeter81_CL 
| where eventName_s == "api.activity.application.session.start"

Authentication failures by IP & email (last 24 hours)

Perimeter81_CL

| where TimeGenerated > ago(24h) and eventName_s in ("api.activity.login.fail", "api.activity.vpn.auth.fail", "api.activity.application.auth.fail")

| summarize count(releasedBy_email_s) by ip_s, releasedBy_email_s

| where count_releasedBy_email_s > 1

Resource deletions by IP & email (last 24 hours)

Perimeter81_CL

| where TimeGenerated > ago(24h) and eventName_s matches regex "api.activity.*.remove*
|api.activity.*.delete*
|api.activity.*.destroy*"  

| summarize count(releasedBy_email_s) by ip_s, releasedBy_email_s

| where count_releasedBy_email_s > 1

Vendor installation instructions

Please note the values below and follow the instructions here to connect your Perimeter 81 activity logs with Microsoft Sentinel.

Next steps

For more information, go to the related solution in the Azure Marketplace.