Radiflow iSID via AMA connector for Microsoft Sentinel
iSID enables non-disruptive monitoring of distributed ICS networks for changes in topology and behavior, using multiple security packages, each offering a unique capability pertaining to a specific type of network activity.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | CommonSecurityLog (RadiflowEvent) |
Data collection rules support | Workspace transform DCR |
Supported by | Radiflow |
Query samples
Top 5 protocols by number of events
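```kusto
RadiflowEvent
| where DeviceProduct =~ "iSID"
| where isnotempty(Protocol)
// Count events for each port/protocol pair
| summarize count() by Port, Protocol
| project-keep count_, Port, Protocol
// Rank by event count, not by protocol name
| top 5 by count_
```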
Vendor installation instructions
Note
To work as expected, this data connector depends on a parser based on a Kusto function, [RadiflowEvent], which is deployed with the Microsoft Sentinel solution.
- Secure your machine
Make sure to configure the machine's security according to your organization's security policy.
Next steps
For more information, go to the related solution in the Azure Marketplace.