Chapter 9
Data connectors
A key requirement for every SIEM is the capability to ingest and process massive amounts of data from various sources—data to analyze, data to run detections on, data to hunt for indicators of compromise, and more. As a cloud-born SIEM, one of Microsoft Sentinel’s strengths is to handle terabytes of data with ease, without any scaling or sizing issues for you to worry about. Data can be ingested in several ways, such as by leveraging the following:
Data connectors, including service-to-service connections
REST API endpoints
Agents, including forwarders and plug-ins, like the output plug-in for Logstash
Data connectors are Microsoft Sentinel’s primary tool for ingesting and processing data and should be your first ...
Source: Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition (O’Reilly learning platform).