Create an Azure Sentinel Instance
https://azure.microsoft.com/en-ca/services/azure-sentinel/
https://portal.azure.com/#home
In the Azure portal, first search for Sentinel and create a workspace. You can then add a Sentinel instance to that workspace.
Collect Data
Connectors
Syslog Connector
https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog
Linux agent
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w xxx -s xxx -d opinsights.azure.com
References
Reference | URL |
---|---|
What is Azure Sentinel and why you should care \| Azure Tips and Tricks | https://www.youtube.com/watch?v=dRpOR2GpL1s |
Azure Sentinel | https://azure.microsoft.com/en-ca/services/azure-sentinel/ |
Azure Portal | https://portal.azure.com/#home |