At a recent SCOM event (SCOMathon), I had the opportunity to learn about Nathan Gau’s security management pack for SCOM. I immediately realized what I’m sure Nathan had known all along: the information available in this pack could be invaluable in Azure Sentinel. So, during (and after) this event, I reached out to Nathan to express this and offer whatever help I could to make this a reality. Once we started communicating on the topic, I quickly realized that I needed some big guns on the Azure Sentinel side, so I asked Rod Trent if he would join in on this project. Fast-forward to today: I am excited to announce the release of On-Prem Security Monitoring for Sentinel!
Highlights of this management pack include:
- On-prem event logs as an untapped source of security intel
- Using SCOM as a filter to gather on-prem data
- Forwarding helpful data directly into Sentinel
- Activating SCOM’s Syslog capabilities
Check out Rod’s and Nathan’s blog posts on this new solution at the links below!
Rod:
Nathan:
- SCOM Security Monitoring and Sentinel Integration – Nathan Gau’s SCOM blog (wordpress.com)
- Installing and Configuring On Prem Security Monitoring for Sentinel Integration – Nathan Gau’s SCOM blog (wordpress.com)
- On Prem Security Monitoring for Sentinel Management Pack Summary – Nathan Gau’s SCOM blog (wordpress.com)
- Syslog: Syslog Support for SCOM using On Prem Security Monitoring for Sentinel – Nathan Gau’s SCOM blog (wordpress.com)
- Forwarding custom events/alerts: Forwarding Additional Alerts and/or Events into the Cloud – Nathan Gau’s SCOM blog (wordpress.com)