Security solution integrations
Azure Sentinel is designed to work with multiple security solutions, not just those that are developed by Microsoft.
At the most basic level, log collection and analysis are possible from any system that can transmit their logs via the Syslog collectors. More detailed logs are available from those that connect via the CEF standard and servers that share Window Event logs. The preferred method, however, is to have direct integration via APIs to enable a two-way communication and help to manage the integrated solutions. More details relating to these options are included in Chapter 3, Data Collection and Management.
Common Event Format (CEF)
CEF is an industry standard format applied to Syslog messages, used by most security vendors to ensure commonality between platforms. Azure Sentinel provides integrations to easily run analytics and queries across CEF data. For a full list of Azure Sentinel CEF source configurations, review the following article at https://techcommunity.microsoft.com/t5/Azure-Sentinel/Azure-Sentinel-Syslog-CEF-and-other-3rd-party-connectors-grand/ba-p/803891.
Microsoft is continually developing integration options. At the time of writing, the list of integrated third-party solution providers includes the following:
- AWS
- Barracuda
- Checkpoint
- Cisco
- Citrix Systems Inc.
- CyberArk
- ExtraHop Networks
- F5 Networks
- Fortinet
- One Identity LLC.
- Palo Alto Networks
- Symantec
- TrendMicro
- Zscaler
As you can see from this list, many of the top security vendors are already available directly in the portal. Azure Sentinel provides the ability to connect to a range of security data sources with built-in connectors, ingest the log data, and display using pre-defined dashboards.