Integrate Datawiza Access Proxy with Microsoft Sentinel

Overview

Datawiza Access Proxy (DAP) supports sending access logs to Microsoft Event Hub, enabling integration with Microsoft Sentinel for advanced security monitoring and threat detection. This guide provides step-by-step instructions to configure DAP for seamless log forwarding to Event Hub.

Benefits of Integrating

Integrating DAP logs with Microsoft Event Hub allows organizations to:

  • Enable real-time monitoring of access logs.
  • Detect security threats using Microsoft Sentinel.
  • Centralize log storage and analysis for better insights.

Configuration Steps

Step 1: Configure Microsoft Event Hub

  1. Navigate to Azure Portal and search for Event Hubs.

  2. Create an Event Hub Namespace with the following specifications:

    • Namespace Name: your desired namespace name
    • Pricing Tier: Standard
    • Other settings: Default

  3. Within the created Event Hub Namespace, create an Event Hub.

  4. Within the created Event Hub, add a Shared Access Policy and copy the primary connection string.

  5. Save the primary connection string for later use.

Step 2: Enable Access Log Forwarding in Datawiza Access Proxy

  1. Log in to the Datawiza Cloud Management Console.
  2. Go to Settings and enable Additional Log Receiver.
  3. Select Kafka as the Vendor, then configure the following:
    • Kafka Host: the Event Hub namespace host name
    • Kafka Topic: the name of the Event Hub
    • Kafka Connection String: the primary connection string in the Shared Access Policy
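
A pre-flight check for the connection string copied in Step 1, added here as an example (not Datawiza's or Microsoft's code): it derives the Kafka Host and Kafka Topic values for this step and flags a string that comes from the namespace-wide RootManageSharedAccessKey policy or is not scoped to a single Event Hub. The namespace, the policy name dap-send, the key and the hub name are constructed sample values.

```python
from urllib.parse import urlparse

# Constructed sample values (not real credentials): an Event Hub-level policy
# and the namespace-level default policy.
SAMPLE_ENTITY = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
                 "SharedAccessKeyName=dap-send;"
                 "SharedAccessKey=Q09OU1RSVUNURURfS0VZ=;"
                 "EntityPath=dap-access-logs")
SAMPLE_ROOT = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
               "SharedAccessKeyName=RootManageSharedAccessKey;"
               "SharedAccessKey=Q09OU1RSVUNURURfS0VZ=")


def parse_connection_string(conn):
    """Split 'Key=Value;...' pairs; base64 key values may themselves contain '='."""
    fields = {}
    for part in filter(None, conn.strip().split(";")):
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError("malformed segment: %r" % key)
        fields[key.strip()] = value.strip()
    for required in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if required not in fields:
            raise ValueError("missing field: " + required)
    return fields


def check_connection_string(conn):
    """Return the DAP Kafka Host/Topic values plus least-privilege warnings.
    The SharedAccessKey is deliberately never copied into the result."""
    f = parse_connection_string(conn)
    url = urlparse(f["Endpoint"])
    if url.scheme != "sb" or not url.hostname:
        raise ValueError("Endpoint is not an sb:// namespace URL")
    warnings = []
    if f["SharedAccessKeyName"] == "RootManageSharedAccessKey":
        warnings.append("default namespace policy carries Manage rights; "
                        "use a dedicated policy for the proxy")
    if "EntityPath" not in f:
        warnings.append("no EntityPath: the policy is namespace-scoped, "
                        "not limited to one Event Hub")
    return {"kafka_host": url.hostname,
            "kafka_topic": f.get("EntityPath"),
            "policy": f["SharedAccessKeyName"],
            "warnings": warnings}


if __name__ == "__main__":
    for sample in (SAMPLE_ENTITY, SAMPLE_ROOT):
        print(check_connection_string(sample))
```

The claims a policy grants (Manage, Send, Listen) are not encoded in the connection string, so check those in the Azure Portal.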


Step 3: Validate Log Delivery

After configuring log forwarding, you can validate the delivery in Event Hub.

Step 4: Integrate with Microsoft Sentinel

Use the following guide to ingest logs from Event Hubs into Azure Log Analytics: Ingest Logs from Event Hubs into Azure Log Analytics.

After the ingestion setup is complete, logs should be visible in both Microsoft Sentinel and the Azure Log Analytics workspace.

Conclusion

By integrating Datawiza Access Proxy with Microsoft Event Hub, organizations can enhance their security posture with real-time monitoring and analytics using Microsoft Sentinel. Ensure all configurations are correctly set up to enable seamless log forwarding and analysis.