iboss via AMA

| Attribute | Value |
| --- | --- |
| Connector ID | ibossAma |
| Publisher | iboss |
| Used in Solutions | iboss |
| Collection Method | AMA |
| Connector Definition Files | template_ibossAMA.json |

The iboss data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.

Additional Information

🛠️ Device Configuration: Navigate to Reporting & Analytics > Log Forwarding > Forward From Reporter. Add Service, toggle to Microsoft Sentinel, input Workspace ID/Primary Key. See iboss documentation.

Tables Ingested

This connector ingests data into the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
| --- | --- | --- | --- | --- |
| CommonSecurityLog | DeviceVendor == "iboss" | ? | | |

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

  - Workspace (Workspace): read and write permissions are required.
  - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Configure AMA Data Connector

Follow the steps below to configure the iboss AMA Data Connector.

Step A. Gather Required Configuration Details in Azure Arc

  1. Navigate to Azure Arc > Azure Arc Resources > Machines.

  2. Select Add a machine > Add a single server > Generate script.

  3. Select the resource group. This should be the same resource group as the Log Analytics Workspace of the Microsoft Sentinel instance you will be using.

  4. Select a region and ensure it is the same region as your Log Analytics Workspace.

  5. Select Linux as the operating system.

  6. Click Next.

  7. Download the script. The information it contains is needed in the next step, when configuring the Microsoft Sentinel AMA integration on the iboss side.

  8. Navigate to the Log Analytics Workspace of your Microsoft Sentinel instance and note its resource group, workspace name, and workspace ID.

Step B. Forward Common Event Format (CEF) logs

Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. (Ensure you have the information gathered from the previous section)

  1. Navigate to the Integrations Marketplace inside your iboss Console

  2. Select Microsoft Sentinel AMA Log Forwarding

  3. Select Add Integration

  4. Use the information from the script and your Log Analytics Workspace to configure the integration.

  5. Add the integration.

  6. An email will be sent to your iboss alerts email address to authenticate. Please do so within five minutes.

  7. After authenticating, wait 15 to 20 minutes and ensure the Microsoft Sentinel status of your integration is successful.

Step C. Validate connection

  1. Follow the instructions to validate your connectivity:

  2. Open Log Analytics to check if the logs are received using the CommonSecurityLog schema.

  3. It may take about 20 minutes until the connection streams data to your workspace.
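The following Log Analytics query is an added example for the validation step, not part of the iboss connector definition or the page above. It uses the connector's stated selection criterion (DeviceVendor == "iboss") on the CommonSecurityLog table and flags the feed as stale when no event has arrived within the roughly 20-minute window the instructions mention; the DeviceProduct and Computer columns are standard CommonSecurityLog fields, and the 24-hour lookback and the 20-minute threshold are assumptions you can adjust.

```kusto
// Added validation query (not from the connector definition): confirms that iboss CEF events
// are landing in CommonSecurityLog and reports how fresh they are.
// Assumptions: a 24h lookback and a 20-minute staleness threshold taken from Step C above.
let StaleAfterMinutes = 20;
CommonSecurityLog
| where TimeGenerated > ago(24h)
| where DeviceVendor == "iboss"          // the connector's table selection criterion
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Forwarders = dcount(Computer)   // distinct Arc-connected machines running the AMA
            by DeviceProduct
| extend MinutesSinceLast = datetime_diff("minute", now(), LastSeen)
| extend Status = iff(MinutesSinceLast > StaleAfterMinutes,
                      "stale - check the integration status in the iboss console",
                      "healthy")
| order by LastSeen desc
```

An empty result set means no event with DeviceVendor "iboss" has been ingested in the lookback window; in that case re-check the email authentication in Step B and the Microsoft Sentinel status of the integration before investigating the Arc machine or the AMA itself.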
