Azure Sentinel

Azure Sentinel destination plugin

Azure Sentinel is a cloud-native security information and event management (SIEM) service provided by Microsoft Azure. It provides intelligent security analytics and threat intelligence to help identify and respond to security threats across your organization. With the Azure Sentinel destination plugin, you can configure your Calyptia Core pipeline to send security-related logs and events to Azure Sentinel. This allows you to collect and analyze security data from various sources in real time, and to use the analytics and automation capabilities of Azure Sentinel to detect, investigate, and respond to security threats.

Configuration parameters

The Azure Sentinel destination plugin provides these configuration parameters.

General

| Key | Description |
| --- | --- |
| Customer / Workspace ID | Customer ID or Workspace ID string. |
| Client Authentication Key | The primary or the secondary Connected Sources client authentication key. |

Advanced

| Key | Description |
| --- | --- |
| Event Type Name | The name of the event type. For example, FluentBit. |
| Time Key | Optional parameter to specify the key name where the timestamp is stored. |
| Enable Time Generated | If enabled, the HTTP request header time-generated-field is included so Azure can override the timestamp with the key specified by the time_key option. |
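As an added illustration (not code from this page or from Calyptia), the following Python builds the request that the General and Advanced parameters above map onto, assuming the plugin targets the Azure Log Analytics HTTP Data Collector API: the Customer / Workspace ID and Client Authentication Key sign each batch, Event Type Name becomes the Log-Type header, and Time Key together with Enable Time Generated becomes the time-generated-field header. The workspace ID, key and records are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values, not real credentials: Azure shows the Connected Sources
# client authentication key as base64, so we build one the same way.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"\x01" * 32).decode()

def string_to_sign(content_length, rfc1123_date):
    # Canonical string of the Data Collector API (assumption: the plugin uses this API).
    return f"POST\n{content_length}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"

def authorization_header(workspace_id, shared_key_b64, content_length, rfc1123_date):
    key = base64.b64decode(shared_key_b64)
    mac = hmac.new(key, string_to_sign(content_length, rfc1123_date).encode(), hashlib.sha256)
    return f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode()}"

def build_request(records, log_type, time_key=None, time_generated=False, now=None):
    """Return (url, headers, body) for one batch; arguments mirror the plugin's parameters."""
    if time_generated:
        if not time_key:
            raise ValueError("Enable Time Generated requires a Time Key")
        missing = [r for r in records if time_key not in r]
        if missing:
            raise ValueError(f"{len(missing)} record(s) lack the time key {time_key!r}")
    body = json.dumps(records, separators=(",", ":")).encode()
    when = now or datetime.now(timezone.utc)
    rfc1123_date = when.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # Event Type Name, e.g. FluentBit
        "x-ms-date": rfc1123_date,
        "Authorization": authorization_header(WORKSPACE_ID, SHARED_KEY, len(body), rfc1123_date),
    }
    if time_generated:
        headers["time-generated-field"] = time_key  # Azure takes the timestamp from this field
    url = f"https://{WORKSPACE_ID}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

def authorization_is_valid(headers, body, shared_key_b64=SHARED_KEY):
    """What the receiving side checks: recompute the MAC over the canonical string."""
    expected = authorization_header(WORKSPACE_ID, shared_key_b64, len(body), headers["x-ms-date"])
    return hmac.compare_digest(headers["Authorization"], expected)
```

Note that the canonical string covers only the body length and the date, not the body content itself, so the integrity of the records in transit rests on TLS with certificate validation enabled (see the Security and TLS parameters below).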

Security and TLS

| Key | Description |
| --- | --- |
| TLS | Enable or disable TLS/SSL support. |
| TLS Certificate Validation | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. |
| TLS Debug Level | Set the TLS debug verbosity level. Accepts these values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). |
| CA Certificate File Path | Absolute path to the CA certificate file. |
| Certificate File Path | Absolute path to the certificate file. |
| Private Key File Path | Absolute path to the private key file. |
| Private Key Path Password | Optional password for the private key file (tls.key_file). |
| TLS SNI Hostname Extension | Hostname to be used for the TLS SNI extension. |

Advanced networking

| Key | Description |
| --- | --- |
| DNS Mode | Select the primary DNS connection type (TCP or UDP). |
| DNS Resolver | Select the primary DNS connection type (TCP or UDP). |
| Prefer IPv4 | Prioritize IPv4 DNS results when trying to establish a connection. |
| Keepalive | Enable or disable Keepalive support. |
| Keepalive Idle Timeout | Set the maximum time allowed for an idle Keepalive connection. |
| Max Connect Timeout | Set the maximum time allowed to establish a connection; this time includes the TLS handshake. |
| Max Connect Timeout Log Error | Specify whether a connection timeout should be logged as an error. When disabled, the timeout is logged as a debug message. |
| Max Keepalive Recycle | Set the maximum number of times a Keepalive connection can be used before it is retired. |
| Source Address | Specify the network address to bind for data traffic. |
