Security Operations, Channel partners, Content

Microsoft Azure Sentinel Gains 30+ Cloud SIEM Data Collectors

Microsoft has launched over 30 new out-of-the-box data connectors for its Azure Sentinel security information and event management (SIEM) platform. Azure Sentinel customers can use the connectors to access and analyze data from different products, the company said.

The new Azure Sentinel data connectors include:

  • Cisco: Four Cisco connectors enable users to ingest data from Cisco Umbrella, Cisco Meraki, Cisco Firepower and Cisco UCS logs.
  • NXLog: Two NXLog connectors deliver audit and analytical DNS server events and Linux security events to Azure Sentinel in real-time.
  • Salesforce Cloud: A Salesforce Cloud connector allows operational events to be ingested in Azure Sentinel.
  • Akamai: An Akamai connector ingests security events generated by Akamai's cloud computing platform into Azure Sentinel.
  • Trend Micro: Two Trend Micro connectors ingest Trend Micro TippingPoint SMS IPS events and Trend Micro XDR workbench alerts.

The new data connectors also include a parser that transforms ingested data into an Azure Sentinel normalized format, Microsoft stated. This format correlates different types of data from different data sources to drive end-to-end outcomes in Azure Sentinel security monitoring, hunting, incident investigation and response scenarios.

In addition, Microsoft has introduced new workbooks and analytic rule templates for Azure Sentinel. These workbooks and analytic rule templates can help Azure Sentinel customers monitor data sources and identify cyber threats, the company noted.

Microsoft Upgrades Azure Sentinel-Microsoft 365 Defender Integration

Along with its new Azure Sentinel data connectors, Microsoft in March 2021 also enhanced its Azure Sentinel-Microsoft 365 Defender integration.

Microsoft has fully integrated Microsoft 365 Defender incidents with Azure Sentinel, the company said. This ensures that security incidents from Microsoft 365 Defender automatically appear in the incident queue in Azure Sentinel and can be triaged and enriched with other data and insights.

Azure Sentinel is the first SIEM built into a public cloud platform, according to Microsoft. It offers a catalog of more than 100 built-in connectors for Microsoft 365, Azure and other clouds, endpoints, networks and users.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.

You can skip this ad in 5 seconds