Transforming Data Before Ingestion into Azure Sentinel

Data Transformation Methods

Question

How can you transform data before it is ingested into Azure Sentinel?

Answers

Explanations


A. B. C. D.

Correct Answer: A.

Option A is correct.

Both Azure Functions and Logstash can be used to connect Azure Sentinel to your data source.

Options B and C are incorrect.

Both Azure Functions and Logstash connect Azure Sentinel to your data source.

B and C each contain only one of them.

Option D is incorrect.

UEBA is a feature that is available inside Azure Sentinel once it is enabled.


Azure Sentinel provides various ways to transform data before it is ingested, and some of the most common methods are through Azure Functions and Logstash. UEBA (User and Entity Behavior Analytics) is not a tool for data transformation but instead is used for detecting anomalies in user and entity behavior.

Azure Functions is a serverless compute service that allows users to run code on-demand without the need to provision or manage infrastructure. It can be used to perform data transformations by defining triggers, inputs, and outputs. For example, you can use Azure Functions to parse raw data, perform data enrichment, or transform data from one format to another before it is sent to Azure Sentinel.
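The following is an added example, not code from the original page or from Microsoft: a Python transformation step of the kind an Azure Function could run on raw events before forwarding them. The log format, field names, sensitive-key list, internal network range and sample lines are all constructed assumptions.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample input: raw key=value firewall lines (not real data).
SAMPLE_LINES = [
    'ts=1700000000 src=10.0.0.5 dst=203.0.113.9 action=deny user=alice password=hunter2',
    'ts=1700000060 src=172.16.4.7 dst=198.51.100.4 action=allow user=bob token="abc 123"',
    'malformed line without pairs',
]

PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')         # key=value or key="quoted value"
SENSITIVE_KEYS = {"password", "token"}               # assumption: must never reach the workspace
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumption: the monitored internal range


def is_internal(addr):
    """Enrichment helper: True if addr parses and falls inside INTERNAL_NET."""
    try:
        return ipaddress.ip_address(addr) in INTERNAL_NET
    except ValueError:
        return False


def transform_line(line):
    """Parse one raw line into a normalized record; return None if it cannot be parsed."""
    fields = {k: v.strip('"') for k, v in PAIR_RE.findall(line)}
    if not fields.get("ts", "").isdigit():
        return None
    # Format conversion: epoch seconds to an ISO 8601 UTC timestamp.
    epoch = int(fields.pop("ts"))
    record = {"timestamp_utc": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()}
    for key, value in fields.items():
        # Redact secrets so they are never stored in the SIEM.
        record[key] = "[REDACTED]" if key in SENSITIVE_KEYS else value
    record["src_internal"] = is_internal(record.get("src", ""))
    return record


def transform_batch(lines):
    """Return (JSON payload of good records, count of rejected lines)."""
    records = [r for r in map(transform_line, lines) if r is not None]
    return json.dumps(records), len(lines) - len(records)


if __name__ == "__main__":
    print(transform_batch(SAMPLE_LINES))
```

Counting rejected lines instead of silently dropping them lets you alert on a parser that has stopped matching its source.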

Logstash is an open-source data processing pipeline that can be used to ingest, transform, and ship data to various destinations, including Azure Sentinel. Logstash provides over 200 plugins to help users transform data and supports various data formats, including CSV, JSON, and XML.

Therefore, the correct answer to the question is A, both Azure Functions and Logstash, as they are both valid options for transforming data before it is ingested into Azure Sentinel.