This solution stores security logs in Azure Data Explorer on a long-term basis. It minimizes cost while keeping the data easy to query when an investigation or audit needs it.

Grafana and Jupyter Notebooks are trademarks of their respective companies. No endorsement is implied by the use of these marks.

Architecture

Download a Visio file of this architecture.

Dataflow

1. For SIEM and SOAR, an enterprise uses Sentinel and Defender for Endpoint.
2. Defender for Endpoint uses native functionality to export its data to Azure Event Hubs and Azure Data Lake.
3. Sentinel ingests the Defender for Endpoint data to monitor devices. Sentinel uses Log Analytics as its data platform, and Log Analytics exports the data to Event Hubs and Azure Data Lake.
4. Azure Data Explorer uses connectors for Event Hubs, Azure Blob Storage, and Azure Data Lake Storage to ingest the data with low latency and high throughput. For the storage-based connectors, Azure Event Grid notifies Azure Data Explorer when a new blob lands, which triggers the ingestion pipeline.
5. If needed, Azure Data Explorer continuously exports the security logs to Azure Storage. The exported logs are in compressed, partitioned Parquet format and can be queried in place. To meet regulatory requirements, Azure Data Explorer also exports pre-aggregated data to Data Lake Storage for archiving.
6. Log Analytics and Sentinel support cross-service queries against Azure Data Explorer. SOC analysts use this capability to run full-range investigations that span live and archived security data.
7. Azure Data Explorer provides native capabilities for processing, aggregating, and analyzing data. Azure Data Explorer dashboards and third-party tools such as Grafana provide near real-time analytics dashboards that quickly deliver insights.

Components

Defender for Endpoint protects organizations from threats across devices, identities, apps, email, data, and cloud workloads.

Sentinel is a cloud-native SIEM and SOAR solution. It uses advanced AI and security analytics to detect, hunt, prevent, and respond to threats across enterprises.

Azure Monitor is a software as a service (SaaS) solution that collects and analyzes data on environments and Azure resources. This data includes app telemetry, such as performance metrics and activity logs. Monitor also offers alerting functionality.

Log Analytics is a Monitor service that you can use to query and inspect Monitor log data. Log Analytics also provides features for charting and statistically analyzing query results.

Event Hubs is a fully managed, real-time data ingestion service that is simple to operate and scales with load.

Data Lake Storage is a scalable storage repository that holds large amounts of data in the data's native, raw format. This data lake is built on top of Blob Storage and provides functionality for storing and processing data.

Azure Data Explorer is a fast, fully managed, and highly scalable data analytics platform. You can use this cloud service for real-time analysis on large volumes of data. Azure Data Explorer is optimized for interactive, ad-hoc queries. It can handle diverse data streams from applications, websites, IoT devices, and other sources.

Azure Data Explorer dashboards natively import data from Azure Data Explorer Web UI queries. These optimized dashboards provide a way to display and explore query results.

Alternatives

Instead of using Azure Data Explorer for long-term storage of security logs, you can use Azure Storage. This approach simplifies the architecture and can help control cost. The disadvantage is that the logs must be rehydrated before security audits and interactive investigative queries can run against them. With Azure Data Explorer, you move data from the cold partition to the hot partition by changing a policy, with no copying or re-ingestion, which speeds up data exploration.

Another option with this solution is to send all data, regardless of its security value, to Sentinel and Azure Data Explorer at the same time. Some duplication results, but the cost savings can be significant: because Azure Data Explorer provides the long-term storage, you can shorten Sentinel retention and reduce its retention costs.

Log Analytics doesn't currently support exporting custom log tables. In this scenario, you can use Azure Logic Apps to export data from Log Analytics workspaces. For more information, see Archive data from Log Analytics workspace to Azure Storage using Logic Apps.

Security logs are useful for identifying threats and tracing unauthorized attempts to access data.
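The following is an added example, not code from the original article or from Microsoft: the Kusto management commands and queries a security engineer would run to build the Azure Data Explorer side of Dataflow steps 4 to 6 (landing table, retention and cache policies, continuous Parquet export, pre-aggregated archive, cross-service query) and the cache-policy rehydration described under Alternatives. The database SecLogs, table DeviceEvents, cluster secadx, storage account secarchive with its parquet and aggregated containers, device wkstn-042, the LogonFailed action type, and every retention span are assumed values chosen for illustration.

```kusto
// Added example, not from the original article. All names (database SecLogs,
// table DeviceEvents, cluster secadx, storage account secarchive, containers
// parquet/aggregated, device wkstn-042, ActionType LogonFailed) and time spans
// are illustrative assumptions.

// --- Dataflow step 4: landing table fed by the Event Hubs data connection ---
.create table DeviceEvents (
    Timestamp: datetime,
    DeviceId: string,
    DeviceName: string,
    ActionType: string,
    ReportId: long
)

// JSON mapping the Event Hubs data connection refers to (the connection itself
// is created in the portal, CLI or ARM, not in KQL).
.create-or-alter table DeviceEvents ingestion json mapping 'DeviceEventsMapping' '[{"column":"Timestamp","path":"$.Timestamp","datatype":"datetime"},{"column":"DeviceId","path":"$.DeviceId","datatype":"string"},{"column":"DeviceName","path":"$.DeviceName","datatype":"string"},{"column":"ActionType","path":"$.ActionType","datatype":"string"},{"column":"ReportId","path":"$.ReportId","datatype":"long"}]'

// Flush batches every 30 s so detections stay near real time without producing
// many tiny extents.
.alter table DeviceEvents policy ingestionbatching '{"MaximumBatchingTimeSpan":"00:00:30","MaximumNumberOfItems":500,"MaximumRawDataSizeMB":1024}'

// Keep two years in Azure Data Explorer, but only the last 30 days on the hot
// (SSD) cache; older extents sit on cheaper cold storage and stay queryable.
.alter table DeviceEvents policy retention softdelete = 730d recoverability = enabled
.alter table DeviceEvents policy caching hot = 30d

// --- Dataflow step 5: continuous export to partitioned Parquet in Azure Storage ---
// Assumes the cluster's system-assigned managed identity holds
// Storage Blob Data Contributor on both containers.
.create-or-alter external table SecurityArchive (
    Timestamp: datetime, DeviceId: string, DeviceName: string,
    ActionType: string, ReportId: long
)
kind = storage
partition by (Day: datetime = bin(Timestamp, 1d))
pathformat = ("year=" datetime_pattern("yyyy", Day) "/month=" datetime_pattern("MM", Day) "/day=" datetime_pattern("dd", Day))
dataformat = parquet
(
    h@'https://secarchive.blob.core.windows.net/parquet;managed_identity=system'
)

.create-or-alter continuous-export SecurityArchiveExport
    over (DeviceEvents)
    to table SecurityArchive
    with (intervalBetweenRuns = 1h, forcedLatency = 10m, managedIdentity = "system")
<| DeviceEvents
| project Timestamp, DeviceId, DeviceName, ActionType, ReportId

// Pre-aggregated archive for regulatory reporting. Each run only sees records
// ingested since the previous run, so a late-arriving event adds a second row
// for the same day and device: sum Events when reading this table.
.create-or-alter external table SecurityDailyCounts (
    EventDay: datetime, DeviceName: string, ActionType: string, Events: long
)
kind = storage
partition by (Day: datetime = bin(EventDay, 1d))
pathformat = (datetime_pattern("yyyy/MM/dd", Day))
dataformat = parquet
(
    h@'https://secarchive.blob.core.windows.net/aggregated;managed_identity=system'
)

.create-or-alter continuous-export SecurityDailyCountsExport
    over (DeviceEvents)
    to table SecurityDailyCounts
    with (intervalBetweenRuns = 1d, managedIdentity = "system")
<| DeviceEvents
| summarize Events = count() by EventDay = bin(Timestamp, 1d), DeviceName, ActionType
| project EventDay, DeviceName, ActionType, Events

// --- Alternatives: pull a past quarter back into the hot cache for an
// investigation by changing the policy, instead of rehydrating files from Storage ---
.alter table DeviceEvents policy caching hot = 30d, hot_window = datetime(2023-01-01) .. datetime(2023-04-01)

// --- Dataflow step 6: cross-service query run from the Sentinel (Log Analytics)
// workspace, reaching two years back into Azure Data Explorer ---
adx('https://secadx.westeurope.kusto.windows.net/SecLogs').DeviceEvents
| where Timestamp > ago(730d) and DeviceName =~ 'wkstn-042'
| summarize Events = count(), FirstSeen = min(Timestamp), LastSeen = max(Timestamp) by ActionType

// Audit query against the Parquet archive itself, run in the Azure Data Explorer
// database, without rehydrating anything.
external_table('SecurityArchive')
| where Timestamp between (datetime(2022-01-01) .. datetime(2023-01-01))
| where ActionType == 'LogonFailed'
| summarize Failures = count() by DeviceName
| top 20 by Failures
```

Run each management command on its own against the SecLogs database; they are not batched. The adx() query is run from the Sentinel workspace, the external_table() query from the Azure Data Explorer database. Setting hot_window is the policy change the Alternatives section refers to: the quarter is served from SSD for the duration of the investigation and the window is removed afterwards, whereas the Azure Storage-only design would need the Parquet files copied back and re-ingested before the same query could run interactively.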