Connect your Illusive Attack Management System to Azure Sentinel
This article explains how to connect your Illusive Attack Management System to Azure Sentinel. The Illusive Attack Management System data connector allows you to share Illusive’s attack surface analysis data and incident logs with Azure Sentinel and view this information in dedicated dashboards that offer insight into your organization’s attack surface risk (ASM Dashboard) and track unauthorized lateral movement in your organization’s network (ADS Dashboard).
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
Forward Illusive Attack Management System logs to the Syslog agent
Configure the Attack Management System to forward its Syslog messages in CEF format to your Log Analytics workspace through the Linux Syslog agent. The agent listens for CEF over TCP on port 514, so the Illusive console must be able to reach that port on the agent host: check the host firewall and any network security group on the path before you add the server. The syslog stream is plaintext, so keep the agent on the same trusted network segment as the console.
1. Log in to the Illusive Console and go to Settings > Reporting.
2. Find Syslog servers and supply the following information:
- Host name: IP address or FQDN of the Linux Syslog agent
- Port: 514
- Protocol: TCP
- Audit messages: select Send audit messages to server
3. Click Add to add the syslog server.
To query the Illusive Attack Management System data in Logs, use the CommonSecurityLog table. The CEF header fields arrive as the DeviceVendor, DeviceProduct, DeviceVersion, DeviceEventClassID, Activity and LogSeverity columns, and well-known CEF extension keys are promoted to their own columns (for example src to SourceIP and suser to SourceUserName), with any remaining keys kept in AdditionalExtensions. Filter on DeviceVendor or DeviceProduct to isolate Illusive events from other CEF sources that share the table.
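The following is an added example, not code from this page, from Illusive or from Microsoft. It shows what the Syslog agent does with a CEF line from the Illusive console before it lands in CommonSecurityLog (split the pipe-delimited header into the header columns, promote the well-known extension keys, keep the rest in AdditionalExtensions), and includes a small sender for pushing a test line at the agent over TCP 514 to check the path end to end. The sample event, the vendor and product strings, the version, the event ID and the illusiveIncidentId key are all constructed placeholders, not real Illusive output.

```python
"""Added example (not from this page, Illusive, or Microsoft): what the Syslog
agent does with a CEF line from the Illusive console, and how to push a test
line at it. The sample event, vendor/product strings, version, event ID and
the illusiveIncidentId key are all constructed placeholders."""
import re
import socket
import time

# CommonSecurityLog columns filled from the pipe-delimited CEF header, in order.
HEADER_COLUMNS = ("DeviceVendor", "DeviceProduct", "DeviceVersion",
                  "DeviceEventClassID", "Activity", "LogSeverity")

# Subset of the CEF extension keys that CommonSecurityLog promotes to their own
# columns. Keys not listed here end up in AdditionalExtensions.
EXTENSION_COLUMNS = {
    "act": "DeviceAction", "cat": "DeviceEventCategory",
    "dhost": "DestinationHostName", "dpt": "DestinationPort",
    "dst": "DestinationIP", "duser": "DestinationUserName",
    "dvc": "DeviceAddress", "dvchost": "DeviceName", "msg": "Message",
    "rt": "ReceiptTime", "shost": "SourceHostName", "spt": "SourcePort",
    "src": "SourceIP", "suser": "SourceUserName",
}

# Start of a key=value pair in the extension: key chars directly before '='.
# An escaped '\=' inside a value does not match because '\' is not a key char.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _split_header(cef):
    """Split on the first seven unescaped '|'; return 8 fields (the last is the
    raw extension, where '|' is legal and must not be split on)."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):   # '\|' and '\\' escapes in header
            cur.append(cef[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append(cef[i:])
    return fields


def _unescape(value):
    """Undo CEF extension escapes: '\\=', '\\\\', '\\n', '\\r'."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext):
    """Return the extension's key=value pairs; a value runs to the next key."""
    pairs = {}
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        pairs[m.group(1)] = _unescape(ext[m.end():end].strip())
    return pairs


def cef_to_csl(syslog_line):
    """Map one syslog line carrying CEF to a CommonSecurityLog-style dict.
    Raises ValueError for lines the CEF forwarder would not accept."""
    start = syslog_line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in syslog message")
    fields = _split_header(syslog_line[start:])
    if len(fields) != 8 or not fields[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    record = dict(zip(HEADER_COLUMNS, fields[1:7]))
    extras = []
    for key, value in _parse_extension(fields[7]).items():
        column = EXTENSION_COLUMNS.get(key)
        if column:
            record[column] = value
        else:
            extras.append(f"{key}={value}")
    record["AdditionalExtensions"] = ";".join(extras)
    return record


def send_cef(agent_host, cef, port=514, facility=4, severity=6):
    """Push one CEF message at the Syslog agent over TCP 514 with classic BSD
    syslog framing (<PRI>timestamp host payload, newline-terminated). This is
    plaintext: use it only on the trusted segment between console and agent."""
    pri = facility * 8 + severity
    frame = f"<{pri}>{time.strftime('%b %d %H:%M:%S')} {socket.gethostname()} {cef}\n"
    with socket.create_connection((agent_host, port), timeout=5) as sock:
        sock.sendall(frame.encode())


# Constructed sample: what an Illusive deception alert could look like on the wire.
SAMPLE = (
    "<166>Jan 10 12:34:56 illusive-console "
    "CEF:0|Illusive|Attack Management System|1.0|1001|Deception credential used|8|"
    "src=10.0.0.25 shost=ws-042 suser=CORP\\\\jdoe dst=10.0.0.7 dpt=445 "
    "cat=Lateral Movement msg=Decoy share accessed\\=true rt=Jan 10 2021 12:34:55 "
    "illusiveIncidentId=4711"
)

if __name__ == "__main__":
    for column, value in cef_to_csl(SAMPLE).items():
        print(f"{column:22} {value!r}")
```

Running the block prints the columns you would expect to see for that event in CommonSecurityLog; the unmapped illusiveIncidentId key shows up under AdditionalExtensions, which is where you would look for it in a query. To exercise the real path, call send_cef with the agent's address and the CEF part of SAMPLE from a host on the console's segment, then search CommonSecurityLog for the constructed DeviceVendor value a few minutes later.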
In this document, you learned how to connect Illusive Attack Management System to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.