RSA® SecurID (Authentication Manager) connector for Microsoft Sentinel
The RSA® SecurID Authentication Manager data connector provides the capability to ingest RSA® SecurID Authentication Manager events into Microsoft Sentinel. Refer to RSA® SecurID Authentication Manager documentation for more information.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | Syslog (RSASecurIDAMEvent) |
Data collection rules support | Workspace transform DCR |
Supported by | Microsoft Corporation |
Query samples
Top 10 Sources
RSASecurIDAMEvent
| summarize count() by tostring(DvcHostname)
| top 10 by count_
Vendor installation instructions
Note
This data connector depends on a parser based on a Kusto Function to work as expected RSASecurIDAMEvent which is deployed with the Microsoft Sentinel Solution.
Note
This data connector has been developed using RSA SecurID Authentication Manager version: 8.4 and 8.5
- Install and onboard the agent for Linux or Windows
Install the agent on the Server where the RSA® SecurID Authentication Manager logs are forwarded.
Logs from RSA® SecurID Authentication Manager Server deployed on Linux or Windows servers are collected by Linux or Windows agents.
- Configure RSA® SecurID Authentication Manager event forwarding
Follow the configuration steps below to get RSA® SecurID Authentication Manager logs into Microsoft Sentinel.
- Follow these instructions to forward alerts from the Manager to a syslog server.
Next steps
For more information, go to the related solution in the Azure Marketplace.