Connect your Perimeter 81 activity logs to Azure Sentinel

Important

The Perimeter 81 data connector in Azure Sentinel is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

This article explains how to connect your Perimeter 81 activity logs appliance to Azure Sentinel. The Perimeter 81 activity logs connector allows you to easily bring your Perimeter 81 data into Azure Sentinel, so that you can view it in workbooks, use it to create custom alerts, and incorporate it to improve investigation.

Note

Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.

Prerequisites

  • You must have read and write permissions on the Azure Sentinel workspace.

  • You must have read permissions to shared keys for the workspace.

Configure and connect Perimeter 81 Activity Logs

Perimeter 81 Activity Logs can integrate and export logs directly to Azure Sentinel.

  1. In the Azure Sentinel portal, click Data connectors on the navigation menu.

  2. Select Perimeter 81 Activity Logs from the gallery, and then click the Open connector page button.

  3. From the Perimeter 81 Activity Logs connector page, copy the Workspace ID and Primary Key and paste them in Perimeter 81, as instructed here.

  4. After you complete the instructions, you'll see the connected data types in the Azure Sentinel connector page.

Find your data

After a successful connection is established, the data appears in Logs under CustomLogs - Perimeter81_CL.

It may take up to 20 minutes until your logs start to appear.

Next steps

In this document, you learned how to connect Perimeter 81 activity logs to Azure Sentinel. To take full advantage of the capabilities built into this data connector, click on the Next steps tab on the data connector page. There you'll find a ready-made workbook and some sample queries so you can get started finding useful information.

To learn more about Azure Sentinel, see the following articles: