Sentinel Blue Logstash Plugin Modifications Now Open to the Public

Sentinel Blue Logstash Plugin Modifications Now Open to the Public

We are excited to share some of the great work the Microsoft Sentinel experts in our Security Operations Center have been up to. This time, we’re sharing a Logstash plugin modification to simplify the process of filtering and ingesting Logstash events into Microsoft Sentinel. 

Our fellow SOC operators know it is time-consuming and costly to process alerts without filtering; at Sentinel Blue, we’ve had success using Winlogbeat to extract logs from endpoints and move them over to Logstash for data filtering, resulting in a substantial reduction in data being ingested. Once the data has been reduced and processed, it is ready to send to Microsoft Sentinel.  

This output plugin modification we’re sharing reduces the complexity of that send from Logstash to Sentinel, giving our SOC (and yours) more efficiency, more performance, and fewer complexities. 

You can check it out on our GitHub here: https://github.com/sentinelblue/sentinelblue-logstash-output-azure-loganalytics

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments

    Sentinel Blue

    We are a cybersecurity services firm operating in the United States, offering a comprehensive package of modern cybersecurity solutions and services. We are on a mission to bring enterprise level cybersecurity to our partners in the small and medium-sized business world.

    © 2024 Sentinel Blue.

    NAVIGATION

    Get Started
    • Shield
    • Company
    • Solutions
    • Services
    • Engage
    Privacy Policy & Terms

    Contact Info

    332 W Lee Hwy
    Ste 236
    Warrenton, VA 20186
    E: [email protected]
    P: 571-485-9030