Azure Sentinel demonstration

11/15/2023

What we're gonna do in this demonstration here is connect Azure Sentinel to our Office 365 logs. Now on the screen here, I'm logged in to my Azure portal. I'm at the Azure Sentinel overview page for the Sentinel that we deployed earlier. And what we're gonna do here is connect it to Office 365.

Now to do that, we simply browse down to data connectors here under Configuration in the left-hand pane. And then from here, this data connectors page shows us all of the different data connectors we have at our disposal. Now, one of these data connectors, if we scroll down here, is going to be Office 365. So what we'll do here is we'll select Office 365 from the list. And then if we scroll down further, we have an option here to open the connector page, which is what we'll do here.

Now on this instructions pane, we have really two separate pieces. We have the prerequisites pane and the configuration pane. Prerequisites here tell us what we need in terms of a workspace and in terms of tenant permissions. The green check marks here tell us we're good. And then under Configuration here, this is where we can tell Azure Sentinel what we're interested in. Essentially we can select what record types we want to collect from Office 365. For this demonstration here, we'll just select Exchange logs, and then we'll apply the changes. Now we don't have any previously connected tenants here, so we don't have to do anything here.

If we click Next steps here, we can see the recommended workbooks and query samples along with analytics rule templates that come with the Office 365 log connector. We can use these to get insight into our environment. If we select Exchange Online, we'll go ahead and select it. The green check mark here tells us we do have the required data types for this particular template. If we scroll down, we can view the template. And then from here we're gonna notice that the query can't run because we haven't set any parameters. So we'll select the dropdown for activities. Now, since the Berks Batteries tenant here, this subscription is just a lab environment, I haven't been using Exchange. So I wouldn't expect to see any activities here.