Azure Sentinel
Azure Sentinel Destination Plugin
Azure Sentinel is a cloud-native security information and event management (SIEM) service provided by Microsoft Azure. It provides intelligent security analytics and threat intelligence to help identify and respond to security threats across your organization. With the Azure Sentinel destination plugin, you can easily configure your Calyptia Core pipeline to send security-related logs and events to Azure Sentinel. This allows you to collect and analyze security data from various sources in real-time, and use the powerful tools and automation capabilities of Azure Sentinel to detect, investigate, and respond to security threats.
Configuration Parameters
The following are configuration Parameters for Azure Sentinel Destination Plugin.
| Key | Description |
|---|---|
Customer / Workspace ID | Customer ID or WorkspaceID string. |
Client Authentication Key | The primary or the secondary Connected Sources client authentication key. |
The following are Advanced configuration Parameters for Azure Sentinel Destination Plugin.
| Key | Description |
|---|---|
Event Type Name | The name of the event type, E.g. FluentBit |
Time Key | Optional parameter to specify the key name where the timestamp is stored |
Enable Time Generated | If enabled, the HTTP request header 'time-generated-field' will be included so Azure can override the timestamp with the key specified by 'time_key' option. |
The following are Security and TLS configuration Parameters for Azure Sentinel Destination Plugin.
| Key | Description |
|---|---|
TLS | Enable or Disable TLS/SSL support |
TLS Certificate Validation | Turn TLS/SSL certificate validation on / off, TLS must be on for this setting to be enabled. |
TLS Debug Level | Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 Verbose |
CA Certificate File Path | Absolute path to CA certificate file |
Certificate File Path | Absolute path to Certificate file |
Private key File Path | Absolute path to private Key file |
Private Key Path Password | Optional password for tls.key_file file |
TLS SNI Hostname Extension | Hostname to be used for TLS SNI Extension |
The following are Advanced Networking configuration Parameters for Azure Sentinel Destination Plugin.
| Key | Description |
|---|---|
DNS Mode | Select the primary DNS connection type (TCP or UDP) |
DNS Resolver | Select the primary DNS connection type (TCP or UDP) |
Prefer IPv4 | Prioritize IPv4 DNS results when trying to establish a connection |
Keepalive | Enable or disable Keepalive support |
Keepalive Idle Timeout | Set maximum time allowed for an idle Keepalive connection |
Max Connect Timeout | Set maximum time allowed to establish a connection, this time includes the TLS handshake |
Max Connect Timeout Log Error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message |
Max Keepalive Recycle | Set maximum number of times a keepalive connection can be used before it is retired. |
Source Address | Specify network address to bind for data traffic |
Last updated