Connect your Juniper SRX firewall to Azure Sentinel
This article explains how to connect your Juniper SRX firewall appliance to Azure Sentinel. The Juniper SRX data connector lets you bring your SRX logs into Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and draw on it during investigations. The integration is based on Syslog: the SRX forwards its logs to a Linux machine running the Log Analytics agent, and the agent sends them on to your workspace.
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
You must have read and write permissions on the Azure Sentinel workspace.
Your Juniper SRX appliance must be configured to export logs via Syslog.
Forward Juniper SRX logs to the Syslog agent
Configure Juniper SRX to forward Syslog messages to the Linux machine running the Syslog agent; the agent delivers them to your Azure Sentinel workspace.
In the Azure Sentinel navigation menu, select Data connectors.
From the Data connectors gallery, select the Juniper SRX (Preview) connector, and then Open connector page.
Follow the instructions on the Juniper SRX connector page:
Install and onboard the agent for Linux
- Choose an Azure Linux VM or a non-Azure Linux machine (physical or virtual). The SRX must be able to reach this machine on the syslog port (514 by default, UDP or TCP).
Configure the logs to be collected
- Select the facilities and severities in the workspace agents configuration. Only messages whose facility and severity match this selection are forwarded to the workspace, so select the facility that the SRX is configured to log with.
Configure and connect the Juniper SRX
- Point the SRX syslog destination at the IP address or hostname of the Linux machine on which you installed the agent, using the facility you selected in the previous step.
Find your data
After a successful connection is established, the data appears in the Syslog table in Log Analytics.
See the Next steps tab in the connector page for some useful sample queries.
It can take up to 20 minutes for your logs to start appearing in Log Analytics.
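To see what the facility and severity selection in the agent configuration actually does to SRX traffic logs before they reach the Syslog table, the following Python is an added example that is not part of the Juniper or Microsoft documentation. It parses Junos structured-data (sd-syslog) lines, splits the PRI into facility and severity, applies a facility-to-severities filter that models the agent's per-facility severity selection, and then picks out denied sessions. The log lines are constructed for illustration; the RT_FLOW event names and the junos@2636.1.1.1.2.129 SD-ID are the real Junos format, but every address, port, policy name and timestamp in them is made up, and the facility the SRX uses for RT_FLOW is whatever you configured on the device, not necessarily "user" as assumed here.

```python
"""Parse Junos sd-syslog lines and apply a facility/severity filter.

Added example (not Juniper's or Microsoft's code). Sample log lines are
constructed; the agent filter is modelled as a mapping of facility -> allowed
severities, mirroring the per-facility severity selection in the workspace
agents configuration.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# Standard syslog facility and severity names, indexed by their numeric codes.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOST APP-NAME PROCID MSGID, then SD and MSG.
HEADER_RE = re.compile(r"^<(\d{1,3})>(\d)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$", re.DOTALL)
# One SD-ELEMENT such as [junos@2636.1.1.1.2.129 key="value" ...] followed by free text.
SD_RE = re.compile(r'^\[(\S+)\s*((?:[^\]"]|"[^"]*")*)\]\s*(.*)$', re.DOTALL)
PARAM_RE = re.compile(r'(\S+?)="([^"]*)"')

# Constructed sample lines: a policy deny, a permitted session, and a non-RT_FLOW message.
SAMPLE_LOGS: List[str] = [
    '<14>1 2020-05-05T12:00:00.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.1.1.5" source-port="51234" '
    'destination-address="203.0.113.9" destination-port="23" service-name="junos-telnet" '
    'protocol-id="6" policy-name="default-deny" source-zone-name="trust" '
    'destination-zone-name="untrust" reason="policy deny"] '
    'session denied 10.1.1.5/51234->203.0.113.9/23 junos-telnet 6(0) default-deny trust untrust',
    '<14>1 2020-05-05T12:00:01.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.1.1.7" source-port="40000" '
    'destination-address="198.51.100.20" destination-port="443" service-name="junos-https" '
    'protocol-id="6" policy-name="allow-web" source-zone-name="trust" '
    'destination-zone-name="untrust"] session created 10.1.1.7/40000->198.51.100.20/443',
    '<38>1 2020-05-05T12:00:02.000Z srx-fw sshd 1234 - - '
    'Accepted password for admin from 192.0.2.10 port 50000 ssh2',
]


def parse_pri(pri: int) -> Optional[Tuple[str, str]]:
    """Split the numeric PRI into (facility, severity) names; PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog_line(line: str) -> Optional[Dict]:
    """Parse one RFC 5424 line into header fields, SD parameters and the free-text message."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri, _version, timestamp, host, app, procid, msgid, rest = m.groups()
    fac_sev = parse_pri(int(pri))
    if fac_sev is None:
        return None
    facility, severity = fac_sev
    params: Dict[str, str] = {}
    if rest.startswith("- "):  # NILVALUE: the message carries no structured data
        message = rest[2:]
    else:
        sd = SD_RE.match(rest)
        if sd:
            _sd_id, body, message = sd.groups()
            params = dict(PARAM_RE.findall(body))
        else:
            message = rest
    return {"facility": facility, "severity": severity, "timestamp": timestamp,
            "host": host, "app": app, "procid": procid, "msgid": msgid,
            "params": params, "message": message.strip()}


def severities_up_to(min_severity: str) -> Set[str]:
    """Severity names at or above the given level (emerg is the most severe)."""
    return set(SEVERITIES[: SEVERITIES.index(min_severity) + 1])


def passes_agent_filter(rec: Dict, allowed: Dict[str, Set[str]]) -> bool:
    """Model the agent's selection: a message is forwarded only if its facility is
    selected and its severity is among the severities selected for that facility."""
    return rec["severity"] in allowed.get(rec["facility"], set())


def denied_sessions(lines: List[str], allowed: Dict[str, Set[str]]) -> List[Tuple]:
    """(src, dst, dport, policy) for each RT_FLOW_SESSION_DENY the agent would forward."""
    hits = []
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None or not passes_agent_filter(rec, allowed):
            continue
        if rec["app"] == "RT_FLOW" and rec["msgid"] == "RT_FLOW_SESSION_DENY":
            p = rec["params"]
            hits.append((p.get("source-address"), p.get("destination-address"),
                         p.get("destination-port"), p.get("policy-name")))
    return hits


# Constructed agent configuration: collect facility "user" at info and above only.
AGENT_CONFIG: Dict[str, Set[str]] = {"user": severities_up_to("info")}

if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        r = parse_syslog_line(raw)
        print(r["facility"], r["severity"], r["app"], r["msgid"],
              "forwarded" if passes_agent_filter(r, AGENT_CONFIG) else "dropped by agent filter")
    print(denied_sessions(SAMPLE_LOGS, AGENT_CONFIG))
```

Running it shows the sshd line being dropped because the auth facility is not selected, which is the usual reason SRX events never reach the Syslog table: the facility the device logs with is not the one chosen in the agent configuration. If you need the RT_FLOW fields as columns rather than a single SyslogMessage string, the same key="value" split is what you would apply in a KQL parse over the Syslog table.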
In this document, you learned how to connect Juniper SRX to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.