# [Recommended] Forcepoint CSG via AMA connector for Microsoft Sentinel

Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. For more information, visit: https://www.forcepoint.com/product/cloud-security-gateway
## Connector attributes

| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | CommonSecurityLog (Forcepoint CSG) |
| Data collection rules support | Workspace transform DCR |
| Supported by | Community |
## Query samples

### Top 5 Web requested domains with log severity equal to 6 (Medium)

```kusto
CommonSecurityLog
| where TimeGenerated <= ago(0m)
| where DeviceVendor == "Forcepoint CSG"
| where DeviceProduct == "Web"
| where LogSeverity == 6
| where DeviceCustomString2 != ""
| summarize Count=count() by DeviceCustomString2
| top 5 by Count
| render piechart
```
### Top 5 Web users with "Action" equal to "Blocked"

```kusto
CommonSecurityLog
| where TimeGenerated <= ago(0m)
| where DeviceVendor == "Forcepoint CSG"
| where DeviceProduct == "Web"
| where Activity == "Blocked"
| where SourceUserID != "Not available"
| summarize Count=count() by SourceUserID
| top 5 by Count
| render piechart
```
### Top 5 sender email addresses with a spam score greater than 10.0

```kusto
CommonSecurityLog
| where TimeGenerated <= ago(0m)
| where DeviceVendor == "Forcepoint CSG"
| where DeviceProduct == "Email"
| where DeviceCustomFloatingPoint1 > 10.0
| summarize Count=count() by SourceUserName
| top 5 by Count
| render barchart
```
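As an added example (not part of this connector page or of Forcepoint's own tooling), the Python below shows how an AMA-collected CEF event lands in the CommonSecurityLog columns the queries above filter on, then applies the "Blocked" web-user and spam-score query logic locally over constructed sample events. It assumes the standard CEF-to-CommonSecurityLog mapping (the CEF Name header becomes Activity, suid becomes SourceUserID, suser becomes SourceUserName, cs2 becomes DeviceCustomString2, cfp1 becomes DeviceCustomFloatingPoint1); that Forcepoint places the requested domain in cs2 and the spam score in cfp1 is inferred from the query titles, not stated on the page.

```python
import re
from collections import Counter

# CEF header positions -> CommonSecurityLog columns (CEF "Name" becomes Activity).
HEADER_COLS = ["DeviceVendor", "DeviceProduct", "DeviceVersion",
               "DeviceEventClassID", "Activity", "LogSeverity"]
# CEF extension keys -> the CommonSecurityLog columns the queries use.
CEF_TO_CSL = {"suid": "SourceUserID", "suser": "SourceUserName",
              "cs2": "DeviceCustomString2", "cfp1": "DeviceCustomFloatingPoint1"}

# Constructed sample events, not real Forcepoint output. Assumption: cs2 holds
# the requested domain and cfp1 the spam score, as the query titles imply.
SAMPLE_LINES = [
    "CEF:0|Forcepoint CSG|Web|8.5|WEB-1|Blocked|6|suid=alice cs2=example.test",
    "CEF:0|Forcepoint CSG|Web|8.5|WEB-1|Blocked|6|suid=alice cs2=example.test",
    "CEF:0|Forcepoint CSG|Web|8.5|WEB-2|Allowed|3|suid=bob cs2=intranet.example",
    "CEF:0|Forcepoint CSG|Web|8.5|WEB-1|Blocked|6|suid=Not available cs2=example.test",
    "CEF:0|Forcepoint CSG|Email|8.5|MAIL-7|Spam Detected|5|suser=spam@example.test cfp1=12.5",
    "CEF:0|Forcepoint CSG|Email|8.5|MAIL-7|Delivered|1|suser=hr@example.org cfp1=0.4",
]

def parse_cef(line):
    """Map one CEF line onto the CommonSecurityLog columns named above."""
    body = line.split("CEF:", 1)[1]                    # drop any syslog prefix
    parts = re.split(r"(?<!\\)\|", body, maxsplit=7)   # split on unescaped pipes only
    row = dict(zip(HEADER_COLS, parts[1:7]))           # parts[0] is the CEF version
    row["LogSeverity"] = int(row["LogSeverity"])
    # Extension values may contain spaces, so a value ends only before the next key=.
    for key, val in re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", parts[7]):
        if key in CEF_TO_CSL:
            row[CEF_TO_CSL[key]] = val
    return row

def csg_rows(lines, product):
    """The prefix shared by all three queries: DeviceVendor and DeviceProduct filters."""
    return [r for r in map(parse_cef, lines)
            if r["DeviceVendor"] == "Forcepoint CSG" and r["DeviceProduct"] == product]

def top_blocked_web_users(lines=SAMPLE_LINES, n=5):
    """Second query: Activity == Blocked, a real user id, top n users by count."""
    hits = Counter(r["SourceUserID"] for r in csg_rows(lines, "Web")
                   if r["Activity"] == "Blocked"
                   and r.get("SourceUserID", "Not available") != "Not available")
    return hits.most_common(n)

def top_spam_senders(lines=SAMPLE_LINES, n=5, threshold=10.0):
    """Third query: Email events whose spam score (cfp1) exceeds the threshold."""
    hits = Counter(r["SourceUserName"] for r in csg_rows(lines, "Email")
                   if float(r.get("DeviceCustomFloatingPoint1", 0)) > threshold)
    return hits.most_common(n)
```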
## Prerequisites

To integrate with [Recommended] Forcepoint CSG via AMA, make sure you have:
## Vendor installation instructions

- Secure your machine

Make sure to configure the machine's security according to your organization's security policy.
## Next steps

For more information, go to the related solution in the Azure Marketplace.