Learn how Cloud App Security allows you to easily and quickly set up a SIEM connector, providing all security information in one location.
We are using the MCAS tool and our SIEM is on-premises. We went through the SIEM agent configuration and pointed it to the public IP of the SIEM. We would like to know if the agent is going to pull or push alert info from the MCAS portal. If the information comes inbound, then do we need to open ports on our firewall?
I'd like to send the full JSON events to our SIEM, or at a minimum to be able to choose what fields to send. There is not enough detail in the logs.
Hi Steve,
CEF format has a character limit, so there are restrictions on how much can be pulled and sent over that protocol. If you want all the metadata for activities and alerts, you can retrieve the full JSON by leveraging the exposed REST APIs for Activities and Alerts. API documentation can be found by clicking the '?' icon in the portal and selecting "API Documentation".
Hope this helps.
Mike