Update LAB_AK_06_Lab1_Ex3_Connect_Linux.md #68

Open
wants to merge 1 commit into
base: prod
22 changes: 11 additions & 11 deletions Instructions/Labs/LAB_AK_06_Lab1_Ex3_Connect_Linux.md
Expand Up @@ -2,16 +2,16 @@

## Lab scenario

You are a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You must learn how to connect log data from the many data sources in your organization. The next source of data is Linux virtual machines using the Common Event Formatting (CEF) via Legacy Agent and Syslog connectors.
You are a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You must learn how to connect log data from the many data sources in your organization. The next source of data is Linux virtual machines using the Common Event Formatting (CEF) via Legacy Agent and Microsoft Sysmon For Linux connectors.

>**Important:** There are steps within the next Tasks that are done in different virtual machines. Look for the Virtual Machine name references.

## Lab objectives
In this lab, you will perform the following:
- Task 1: Access the Microsoft Sentinel Workspace
- Task 2: Connect a Linux Host using the Common Event Format connector
- Task 3: Connect a Linux host using the Syslog connector
- Task 4: Configure the facilities you want to collect and their severities for the Syslog connector
- Task 3: Connect a Linux host using the Microsoft Sysmon For Linux connector
- Task 4: Configure the facilities you want to collect and their severities for the Microsoft Sysmon For Linux connector

## Estimated timing: 40 minutes

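Review bot: the renamed objective "Task 4: Configure the facilities you want to collect and their severities for the Microsoft Sysmon For Linux connector" attaches Syslog-specific terminology (facilities and severities are Syslog settings) to the Sysmon For Linux connector, so the objective should either state what is actually configured for that connector or keep the Syslog wording; also, both the old and new scenario lines say "Common Event Formatting (CEF)" while the Task 2 objective below says "Common Event Format", so this rewrite is a good opportunity to align them.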
Expand Down Expand Up @@ -79,19 +79,19 @@ In this task, you will connect a Linux host to Microsoft Sentinel with the Commo

1. Type **exit** to close the remote shell connection to LIN1.

### Task 3: Connect a Linux host using the Syslog connector
### Task 3: Connect a Linux host using the Microsoft Sysmon For Linux connector

In this task, you will connect a Linux host to Microsoft Sentinel with the Syslog connector.
In this task, you will connect a Linux host to Microsoft Sentinel with the Microsoft Sysmon For Linux connector.

1. Go back to the Edge browser.

1. In the Search bar of the Azure portal, type **Sentinel**, then select **Microsoft Sentinel**.

1. Select the Microsoft Sentinel Workspace you created in a previous lab.

1. Go-to content hub in data connector window search for **syslog** and install it.
1. Go-to content hub and search for **Microsoft Sysmon For Linux** and install it.

1. From the **Data Connectors tab**, search for the **Syslog** connector and select it from the list.
1. From the **Data Connectors tab**, search for the **Microsoft Sysmon For Linux** connector and select it from the list.

1. Select the **Open connector page** on the connector information blade.

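Review bot: the rewritten step "Go-to content hub and search for **Microsoft Sysmon For Linux** and install it." keeps the "Go-to" hyphenation and drops the "in data connector window" location hint without saying where Content hub is reached from; suggest "Go to the **Content hub**, search for **Microsoft Sysmon For Linux**, and install it." The next step then searches the **Data Connectors tab** for a connector named exactly **Microsoft Sysmon For Linux**, so confirm that the installed solution exposes a connector under that name, otherwise the learner will not find it.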
Expand Down Expand Up @@ -135,11 +135,11 @@ In this task, you will connect a Linux host to Microsoft Sentinel with the Syslo

1. When it finished, type **exit** to close the remote shell connection to LIN2.

### Task 4: Configure the facilities you want to collect and their severities for the Syslog connector
### Task 4: Configure the facilities you want to collect and their severities for the Microsoft Sysmon For Linux connector

In this task, you will configure the Syslog collection facilities.

1. Go back to the Edge browser where you have your Microsoft Sentinel Portal open and close the "Log Analytics workspace" page and the "Syslog" data connector page by selecting the 'x' in the top right corner twice.
1. Go back to the Edge browser where you have your Microsoft Sentinel Portal open and close the "Log Analytics workspace" page and the "Microsoft Sysmon For Linux" data connector page by selecting the 'x' in the top right corner twice.

1. In Microsoft Sentinel portal, select **Settings** from *Configuration* area and then select **Workspace settings** from the settings blade.

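Review bot: the Task 4 heading now names the Microsoft Sysmon For Linux connector, but the unchanged intro sentence directly beneath it, "In this task, you will configure the Syslog collection facilities.", and the following step into **Workspace settings** still describe Syslog facility configuration, so the heading and body disagree; update the sentence to match the renamed connector or revert the heading to Syslog so the task stays internally consistent.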
Expand All @@ -163,7 +163,7 @@ In this task, you will configure the Syslog collection facilities.
In this lab, you have completed the following:
- able to access the Microsoft Sentinel Workspace
- Connected a Linux Host using the Common Event Format connector
- Connected a Linux host using the Syslog connector
- Configured the facilities you want to collect and their severities for the Syslog connector
- Connected a Linux host using the Microsoft Sysmon For Linux connector
- Configured the facilities you want to collect and their severities for the Microsoft Sysmon For Linux connector

## You have successfully completed this lab.
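Review bot: the two replaced summary bullets match the renamed Task 3 and Task 4 objectives, but the unchanged first bullet "- able to access the Microsoft Sentinel Workspace" breaks the past-tense pattern of the others ("Connected", "Configured"); since this list is being edited, suggest "- Accessed the Microsoft Sentinel Workspace".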