Series: Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions
- Part 1: https://blog.nviso.eu/series/siem-log-collectors-scale-ansible-github-actions-devops/
How to collect custom event IDs to Microsoft Sentinel
Microsoft Sentinel is Microsoft's SIEM/SOAR. It is used to collect and evaluate logs.
If you choose to collect security logs from Windows Server, Microsoft Sentinel can collect predefined log sets using the built-in settings. By default, you have the option to select from the predefined sets All Security Events, Common, or Minimal.
However, if you need to collect some custom Event IDs that do not belong to the above built-in categories, or simply want your own set of Event IDs to collect, you can define your own Event IDs using XPath queries.
XPath (XML Path Language) is a query language used for selecting nodes from an XML document. It allows you to navigate through elements and attributes in XML documents, making it a powerful tool for extracting specific pieces of information. XPath is commonly used in combination with XML parsers to filter and locate data based on complex conditions.
Read my blog post below:
https://www.cswrld.com/2025/06/how-to-collect-custom-event-ids-to-microsoft-sentinel/
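The post above explains that custom Event IDs are defined with XPath queries. The following added example (mine, not taken from the linked blog post) shows the practical check a defender wants before touching Sentinel: test the XPath filter locally against the Windows Security log with Get-WinEvent, and only then carry the same expression into the Data Collection Rule. The Event IDs are a constructed sample set; the channel-prefixed DCR form shown in the trailing comment is an assumption based on the Azure Monitor agent syntax and should be confirmed against the current documentation.

```powershell
# Added example (not from the linked post): validate a custom Event ID XPath
# filter locally before using it in a Sentinel Data Collection Rule (DCR).
# The Event IDs below are a constructed sample (logon success, logon failure,
# process creation); replace them with the set you actually want to collect.

$xpath = "*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]"

# Run the filter against the local Security log. Get-WinEvent raises an error
# when nothing matches, so suppress it and count the results instead.
$events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 20 -ErrorAction SilentlyContinue
$count  = ($events | Measure-Object).Count

if ($count -eq 0) {
    Write-Host "XPath is syntactically accepted but matched no events in the Security log."
    Write-Host "Check that auditing for these Event IDs is enabled before expecting Sentinel to receive them."
} else {
    Write-Host "XPath matched $count event(s). Sample:"
    $events | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize
}

# Once the filter behaves as expected, the same expression goes into the DCR
# with the channel name prefixed (assumed form; verify against the DCR docs):
#   Security!*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]
```

Running this on the server where the agent will be installed catches two common problems early: an XPath expression that is malformed (Get-WinEvent rejects it immediately) and an audit policy that never generates the Event IDs you asked for, which would otherwise look like a silent collection failure in Sentinel.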
On 31/08/2024 the Log Analytics Agent will no longer be supported, so by that date you will need to migrate to the Azure Monitoring Agent (AMA).
#Azure #MicrosoftSentinel #CyberSecurity #CloudComputing #LogCollection #ICTPower
Rapid7 has published a post on collecting audit logs from InsightVM with InsightIDR using NXLog Community Edition https://blog.rapid7.com/2019/10/30/be-audit-you-can-be-part-1-how-to-securely-send-and-monitor-your-audit-logs-with-insightidr/ #infosec #SIEM #logcollection
There is another part, which is on parsing.
Collecting Linux Ingress Authentication Events using Rapid7 Universal Event Formats
https://superuser-ltd.github.io/2019/IngressAuthentication-Linux/
Continuation of:
Collecting Windows Ingress Authentication Events using Rapid7 Universal Event Formats