After setting up your Sentinel instance, the first crucial step is to connect your data sources. Sentinel can only detect threats in the logs it actually receives, so nothing else works until ingestion does.
| Source | Description |
|---|---|
| Endpoint | Logs from individual devices (laptops, servers, etc.) |
| Security Logs | Logs from systems like firewalls and IDS |
| IAM | Tracks user access, authentication, and authorization |
| Custom Data Connectors | Specific organizational needs |
| Threat Intelligence Feeds | Real-time information on known threats |
| REST APIs | Integration via stateless communication |
Think of it like this: for Sentinel to guard any service or product effectively, the first step is to ensure it's receiving the necessary data.
## Data Source Ingestion Pathways
After configuring the product according to the Sprint One methodology, the next step is data ingestion.
We focus on Microsoft's own platforms, primarily Azure Active Directory, Microsoft 365, and Azure service logs.
## Establishing Data Source Connections
This section walks through getting started with the built-in connectors, using the Office 365 connector as the example.
- On the left pane, click Connectors.
- Search for the desired connector.
- Once found, click to open the connector page.
Notes:
- Each connector bundle includes analytics rules, workbooks, and queries.
- Prerequisites for each connector must be met before configuration.
- To configure the connector, select the Office 365 services whose logs you want to ingest.
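Once a connector is enabled, the check a practitioner wants is whether data is really arriving. The KQL below is an added example, not part of the original page: run each query separately in the Sentinel Logs blade. It assumes the standard Sentinel table names (OfficeActivity for the Office 365 connector) and an assumed 6-hour staleness threshold.

```kql
// Added example (not from the original page): verify that connected sources
// are actually delivering logs before building detections on them.
// Assumes the Office 365 connector is enabled and the workspace contains the
// standard OfficeActivity table.

// Query 1: volume and freshness per Office 365 workload over the last day.
// A workload you selected in the connector that never appears here was not
// connected successfully (missing prerequisites, licensing, or consent).
OfficeActivity
| where TimeGenerated > ago(1d)
| summarize Events = count(), LastSeen = max(TimeGenerated) by OfficeWorkload
| extend MinutesSinceLastEvent = datetime_diff('minute', now(), LastSeen)
| order by LastSeen desc

// Query 2: freshness across every table the workspace ingests. Any table that
// produced rows in the last week but nothing within the threshold is a
// connector that may have silently stopped (expired credential, revoked
// permission, agent offline). The 6h threshold is an assumed value; tune it
// to each source's expected cadence.
let threshold = 6h;   // assumed value
union withsource = TableName *
| where TimeGenerated > ago(7d)
| summarize LastSeen = max(TimeGenerated), Rows = count() by TableName
| where LastSeen < ago(threshold)
| project TableName, LastSeen, Rows, StaleFor = now() - LastSeen
| order by StaleFor desc
```

Query 2 is deliberately connector-agnostic: it covers the endpoint, security-log, IAM and custom-connector rows of the table above with one check, and it is the kind of query worth scheduling as an analytics rule so a dead data source is noticed before an incident exposes it.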
Sources beyond Microsoft can also be ingested. Their configuration is more involved, but we walk through it step by step.