Azure Sentinel

Integrate GravityZone Cloud with Azure Sentinel

To set up the link between Azure Sentinel and GravityZone, follow the steps below:

Note

You will need an external syslog server for the deployment of an Azure agent.

  1. Log in to the Microsoft Azure portal.

  2. Create a new Log Analytics Workspace in Microsoft Azure Sentinel for receiving GravityZone alerts.

  3. Go to Log Analytics workspaces.

  4. Select the workspace where you wish to deploy the Azure agent, go to Agents management and select the Linux tab.

  5. Copy the link from the Download and onboard agent for Linux field and use it to install the Sentinel agent on your syslog server.

  6. Go back to the Microsoft Azure portal, select the workspace again, and go to Agents configuration.

  7. Go to the Syslog tab and enable all data sources for the user facility.

  8. Configure GravityZone to send notifications to the Azure Sentinel instance using the Syslog protocol.

    1. Connect to the GravityZone Control Center.

    2. Go to the Configuration page from the left side menu and click Miscellaneous.

    3. Select the Enable Syslog check box.

    4. Enter the IP address of the syslog server, the preferred protocol, and the port the syslog server listens on.

    5. Select the JSON format for the data sent to the syslog server.

    6. Click the Add button from the Action column.

  9. Select the events you want to receive on the Azure instance:

    1. Connect to the GravityZone Control Center.

    2. Click the Notification button at the right side of the menu bar and then click the Settings icon.

    3. Under the Enable Notification section, choose the types of notifications you want to receive from GravityZone and select the Log to server check box.

    4. Click Save.
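Before trusting the pipeline, it is worth checking on the syslog server that GravityZone events actually arrive on the user facility and carry a JSON body, since the Sentinel agent configured in step 7 collects only that facility. The script below is an added example, not Bitdefender's or Microsoft's code: it decodes the syslog PRI header of stored lines and checks the payload. The sample lines and their JSON field names are constructed placeholders, not GravityZone's real schema.

```python
import json
import re

# Syslog facility codes (RFC 5424, section 6.2.1). The Sentinel Linux agent
# in the procedure above was configured to collect the "user" facility only.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 16: "local0", 17: "local1", 18: "local2",
              19: "local3", 20: "local4", 21: "local5", 22: "local6",
              23: "local7"}
COLLECTED_FACILITY = "user"

# Constructed sample lines in the shape a syslog server stores them.
# The JSON keys are made-up placeholders, not GravityZone's real fields.
SAMPLE_LINES = [
    '<14>Mar  3 10:15:01 syslog-srv GravityZone: {"module": "av", "event": "Malware Outbreak", "endpoint": "WS-01"}',
    '<134>Mar  3 10:15:02 syslog-srv GravityZone: {"module": "av", "event": "Antimalware", "endpoint": "WS-02"}',
    '<13>Mar  3 10:15:03 syslog-srv GravityZone: not a json payload',
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode_pri(pri):
    """PRI = facility * 8 + severity; return (facility name, severity)."""
    return FACILITIES.get(pri // 8, f"facility{pri // 8}"), pri % 8


def parse_line(line):
    """Split a stored syslog line into facility, severity and JSON payload."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    rest = m.group(2)
    payload = None
    start = rest.find("{")
    if start != -1:
        try:
            payload = json.loads(rest[start:])
        except json.JSONDecodeError:
            payload = None   # not the JSON format chosen in step 8.5
    # "collected" means the Sentinel agent, as configured above, would pick
    # the event up as a JSON record: right facility and a parseable body.
    return {"facility": facility, "severity": severity, "payload": payload,
            "collected": facility == COLLECTED_FACILITY and payload is not None}


def check_lines(lines):
    """Parse every line; returns the records so the caller can flag misses."""
    return [r for r in (parse_line(ln) for ln in lines) if r is not None]
```

Any record with `collected` false points at either a wrong facility on the GravityZone side (the agent will silently drop it) or a non-JSON format.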