Sentinel Connector Plug-in for AWS and Office 365

Most Sentinel deployments, and most of the devices Sentinel collects events from, are on-premises, but a shift is under way as organizations move to public clouds such as AWS and Office 365, where users deploy instances, services, and so on. The rise in cloud adoption gives Sentinel the opportunity to read logs from the public cloud as well.

Sentinel uses connector plug-ins to read events from different devices, so to support AWS and Office 365 we have implemented a connector that reads logs from both.

Reading logs from AWS:

  • AWS stores logs as objects in S3 buckets.

  • The user must authenticate and must have permission to access the S3 bucket.

  • The appropriate REST APIs are called to list buckets, list the files (objects) within a bucket, and then read the contents of each file, i.e. the logs.
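The AWS steps above, as an added example that is not the plug-in's own code: it walks a bucket through the S3 ListObjectsV2 REST API (following the continuation token until `IsTruncated` is false), then fetches each object and decodes it. The HTTP transport is injected as a plain function so the logic runs offline against constructed responses; a real transport would sign each request with the credentials of an IAM principal granted `s3:ListBucket` and `s3:GetObject` on that bucket. The bucket name, keys and log records are constructed, and the CloudTrail-style layout (gzipped JSON with a `Records` array) is an assumption, since the page does not say which AWS log type is collected.

```python
"""Added example (not the plug-in's code): list an S3 bucket via ListObjectsV2
and read each log object, with the HTTP transport injected so it runs offline.
Assumes CloudTrail-style delivery: gzipped JSON files holding a "Records" array."""
import gzip
import json
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Tuple
from urllib.parse import quote

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"

# fetch(url) -> (status, headers, body). A real implementation would SigV4-sign
# the request with credentials allowed s3:ListBucket / s3:GetObject on the bucket.
Fetch = Callable[[str], Tuple[int, Dict[str, str], bytes]]


def parse_list_objects(xml_bytes: bytes) -> Tuple[List[str], str]:
    """Parse one ListObjectsV2 page: return (object keys, continuation token or "")."""
    root = ET.fromstring(xml_bytes)
    keys = [c.findtext(S3_NS + "Key") for c in root.findall(S3_NS + "Contents")]
    truncated = root.findtext(S3_NS + "IsTruncated") == "true"
    token = root.findtext(S3_NS + "NextContinuationToken") if truncated else ""
    return keys, token or ""


def list_log_keys(fetch: Fetch, bucket: str, prefix: str, region: str = "us-east-1") -> List[str]:
    """Page through ListObjectsV2 until the service reports no more results."""
    base = f"https://{bucket}.s3.{region}.amazonaws.com/?list-type=2&prefix={prefix}"
    keys, token = [], None
    while token != "":
        url = base if token is None else f"{base}&continuation-token={quote(token, safe='')}"
        status, _, body = fetch(url)
        if status != 200:
            raise RuntimeError(f"ListObjectsV2 failed: HTTP {status}")
        page_keys, token = parse_list_objects(body)
        keys.extend(page_keys)
    return keys


def read_log_records(fetch: Fetch, bucket: str, key: str, region: str = "us-east-1") -> List[dict]:
    """GET one object and decode it as (optionally gzipped) JSON with a Records array."""
    status, _, body = fetch(f"https://{bucket}.s3.{region}.amazonaws.com/{key}")
    if status != 200:
        raise RuntimeError(f"GetObject {key} failed: HTTP {status}")
    if body[:2] == b"\x1f\x8b":  # gzip magic number
        body = gzip.decompress(body)
    return json.loads(body).get("Records", [])


def collect(fetch: Fetch, bucket: str, prefix: str) -> List[dict]:
    """List every log object under the prefix and return all records in order."""
    records = []
    for key in list_log_keys(fetch, bucket, prefix):
        records.extend(read_log_records(fetch, bucket, key))
    return records


# --- Constructed sample responses standing in for AWS (not real data) ---
def _xml(keys, next_token=None):
    items = "".join(f"<Contents><Key>{k}</Key><Size>1</Size></Contents>" for k in keys)
    nxt = f"<NextContinuationToken>{next_token}</NextContinuationToken>" if next_token else ""
    return (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
            f'<Name>example-logs</Name><IsTruncated>{"true" if next_token else "false"}</IsTruncated>'
            f'{nxt}{items}</ListBucketResult>').encode()


def _gz(records):
    return gzip.compress(json.dumps({"Records": records}).encode())


BUCKET, PREFIX = "example-logs", "AWSLogs/"          # constructed names
KEY1 = "AWSLogs/111122223333/CloudTrail/us-east-1/2016/07/21/a.json.gz"
KEY2 = "AWSLogs/111122223333/CloudTrail/us-east-1/2016/07/21/b.json.gz"
_BASE = f"https://{BUCKET}.s3.us-east-1.amazonaws.com"
FAKE_RESPONSES = {
    f"{_BASE}/?list-type=2&prefix={PREFIX}": _xml([KEY1], "tok1"),
    f"{_BASE}/?list-type=2&prefix={PREFIX}&continuation-token=tok1": _xml([KEY2]),
    f"{_BASE}/{KEY1}": _gz([{"eventName": "ConsoleLogin", "userIdentity": {"userName": "alice"}}]),
    f"{_BASE}/{KEY2}": _gz([{"eventName": "PutBucketPolicy", "userIdentity": {"userName": "bob"}}]),
}


def fake_fetch(url: str) -> Tuple[int, Dict[str, str], bytes]:
    """Offline stand-in for the signed HTTP transport."""
    body = FAKE_RESPONSES.get(url)
    return (200, {}, body) if body is not None else (404, {}, b"")


if __name__ == "__main__":
    for rec in collect(fake_fetch, BUCKET, PREFIX):
        print(rec["eventName"], rec["userIdentity"]["userName"])
```

Keeping the transport injectable is also what lets a collector be tested against recorded responses before it is pointed at a production bucket; the pagination and the HTTP status checks are the parts that tend to be skipped in quick scripts and then silently drop log files.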


Reading logs from Office 365:

  • The user must authenticate to obtain an access token.

  • Retrieve the list of available log content.

  • Retrieve the contents of each log.



Users of this plug-in need to build their own collector to parse the raw logs and normalize them into Sentinel events.
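The Office 365 steps listed above (obtain a token, list the available content, fetch each content blob), together with the normalization step a collector has to add, as one added example that is not the plug-in's own code. It uses the request shapes of the Office 365 Management Activity API (OAuth2 client-credentials token from the tenant's `oauth2/token` endpoint, the `subscriptions/content` listing with its `NextPageUri` header, then a GET of each `contentUri`), with the HTTP transport injected so the flow runs offline. The tenant id, client credentials, URIs and audit records are constructed, and the flat output field names in `normalize()` are illustrative rather than Sentinel's actual event schema.

```python
"""Added example (not the plug-in's code): token -> content list -> content
blobs -> flat records, in the shape of the Office 365 Management Activity API,
with the HTTP transport injected so it runs offline against constructed data."""
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode

# http(method, url, headers, body) -> (status, response headers, body bytes)
Http = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, Dict[str, str], bytes]]
LOGIN, MANAGE = "https://login.windows.net", "https://manage.office.com"


def get_access_token(http: Http, tenant: str, client_id: str, client_secret: str) -> str:
    """Step 1: OAuth2 client-credentials grant for the Management Activity API."""
    form = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "resource": MANAGE}).encode()
    status, _, body = http("POST", f"{LOGIN}/{tenant}/oauth2/token",
                           {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status != 200:
        raise RuntimeError(f"token request failed: HTTP {status}")
    return json.loads(body)["access_token"]


def list_content(http: Http, tenant: str, token: str, content_type: str) -> List[dict]:
    """Step 2: list available content blobs, following NextPageUri until absent."""
    url = f"{MANAGE}/api/v1.0/{tenant}/activity/feed/subscriptions/content?contentType={content_type}"
    headers, blobs = {"Authorization": f"Bearer {token}"}, []
    while url:
        status, resp_headers, body = http("GET", url, headers, None)
        if status != 200:
            raise RuntimeError(f"content listing failed: HTTP {status}")
        blobs.extend(json.loads(body))
        url = resp_headers.get("NextPageUri")  # None on the last page ends the loop
    return blobs


def fetch_records(http: Http, token: str, content_uri: str) -> List[dict]:
    """Step 3: one content blob is a JSON array of audit records."""
    status, _, body = http("GET", content_uri, {"Authorization": f"Bearer {token}"}, None)
    if status != 200:
        raise RuntimeError(f"content fetch failed: HTTP {status}")
    return json.loads(body)


def normalize(record: dict) -> dict:
    """Collector step: flatten a raw record (field names here are illustrative)."""
    return {"EventTime": record.get("CreationTime"), "EventName": record.get("Operation"),
            "Outcome": record.get("ResultStatus", "Unknown"), "InitiatorUser": record.get("UserId"),
            "SourceIP": record.get("ClientIP"), "Workload": record.get("Workload"),
            "ExternalId": record.get("Id")}


def collect(http: Http, tenant: str, client_id: str, client_secret: str,
            content_type: str = "Audit.AzureActiveDirectory") -> List[dict]:
    token = get_access_token(http, tenant, client_id, client_secret)
    events = []
    for blob in list_content(http, tenant, token, content_type):
        events.extend(normalize(r) for r in fetch_records(http, token, blob["contentUri"]))
    return events


# --- Constructed sample responses standing in for the service (not real data) ---
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
_LIST = f"{MANAGE}/api/v1.0/{TENANT}/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory"
_PAGE2 = _LIST + "&nextPage=2"  # constructed continuation URI
_BLOB1, _BLOB2 = f"{MANAGE}/api/v1.0/{TENANT}/activity/audit/blob1", f"{MANAGE}/api/v1.0/{TENANT}/activity/audit/blob2"
_PAGES = {_LIST: ({"NextPageUri": _PAGE2}, [{"contentUri": _BLOB1, "contentType": "Audit.AzureActiveDirectory"}]),
          _PAGE2: ({}, [{"contentUri": _BLOB2, "contentType": "Audit.AzureActiveDirectory"}])}
_RAW = {_BLOB1: [{"CreationTime": "2016-07-21T22:37:00", "Id": "r1", "Operation": "UserLoggedIn",
                  "ResultStatus": "Succeeded", "Workload": "AzureActiveDirectory",
                  "ClientIP": "203.0.113.5", "UserId": "alice@example.com"}],
        _BLOB2: [{"CreationTime": "2016-07-21T22:38:00", "Id": "r2", "Operation": "UserLoginFailed",
                  "ResultStatus": "Failed", "Workload": "AzureActiveDirectory",
                  "ClientIP": "198.51.100.9", "UserId": "bob@example.com"}]}


def fake_http(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]):
    """Offline stand-in for the transport; rejects calls without the issued token."""
    if method == "POST" and url == f"{LOGIN}/{TENANT}/oauth2/token":
        return 200, {}, json.dumps({"access_token": "fake-token", "token_type": "Bearer"}).encode()
    if headers.get("Authorization") != "Bearer fake-token":
        return 401, {}, b""
    if url in _PAGES:
        hdrs, page = _PAGES[url]
        return 200, hdrs, json.dumps(page).encode()
    if url in _RAW:
        return 200, {}, json.dumps(_RAW[url]).encode()
    return 404, {}, b""


if __name__ == "__main__":
    for ev in collect(fake_http, TENANT, "client-id", "client-secret"):
        print(ev["EventTime"], ev["EventName"], ev["InitiatorUser"], ev["SourceIP"])
```

The split between the three API steps and `normalize()` mirrors the division of labour the page describes: the connector plug-in is responsible for authenticating and retrieving raw content, and the collector written on top of it owns the mapping from each workload's record layout onto Sentinel event fields.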

Comments
Can you provide step by step to configure?
Version history: revision 1 of 1, last update 2016-07-21 22:37