Azure Sentinel Lab Series | Ingest Ubiquiti logs into Azure Sentinel | EP7
TeachJing

 Published On Jul 1, 2021

Join me as we configure a whole Azure Sentinel environment and syslog collector from scratch and also deploy the Ubiquiti ARM template. This template ingests the Ubiquiti logs into a custom Ubiquiti log table.

Thanks to everyone involved in making this ARM template! Love you! ♥😻😍🥰

Here is the one-line script to install the Log Analytics agent (remove the underscore in https):
wget https_://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w 'workspace_id' -s 'workspace_key'

Here is the link to the Ubiquiti UniFi Solution deployment (public preview)
https://azuremarketplace.microsoft.co...

Github Repository
https://github.com/Azure/Azure-Sentin...

Additionally, the template will deploy the following:
Data Connectors: 1
Parsers: 1
Workbooks: 1
Analytic Rules: 10
Hunting Queries: 10

Timestamps:

00:00:00 - Intro
00:00:30 - The deployment flow
00:06:25 - How much it costs me to ingest logs for my home
00:07:55 - First is to configure a log analytics workspace
00:09:00 - Enable Azure Sentinel on the log analytics workspace
00:10:45 - Get our workspace ID and workspace Key
00:11:10 - Deploy the Ubiquiti Unifi Solution (Public Preview) ARM Template
00:12:25 - Install the OMS agent on your Linux syslog collector
00:14:00 - Install rsyslog and enable the service
00:17:15 - Configure the custom ubiquiti.conf file
00:20:10 - Configure Ubiquiti to send remote syslog to the syslog collector on port 22022
00:22:54 - Validate logs are being ingested and using the parser UbiquitiAuditEvent
00:23:50 - Using the custom Ubiquiti Hunting queries
00:24:35 - Access the saved Ubiquiti Workbook (Not template)
00:25:25 - Enabling the Ubiquiti Analytic Rules (alerts)
00:26:00 - We are doneso and let's recap!

Ubiquiti.conf file
https://raw.githubusercontent.com/Azu...
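As an added illustration of the collector side of the steps at 00:14:00 through 00:22:54, here is a small POSIX shell helper that renders and installs an rsyslog drop-in listening on port 22022 and writes what arrives to a dedicated file. This is example code added here, not the project's ubiquiti.conf (that file is at the link above) and not the Azure connector's own configuration. Only the port number comes from the video; the ruleset name, the log path /var/log/ubiquiti.log, the module choices and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a minimal rsyslog drop-in for a Ubiquiti syslog collector.
# NOT the project's ubiquiti.conf. Port 22022 is from the video; the log path,
# ruleset name and module choices are assumptions.
set -eu

UBIQUITI_PORT="${UBIQUITI_PORT:-22022}"
UBIQUITI_LOG="${UBIQUITI_LOG:-/var/log/ubiquiti.log}"

# Render the rsyslog configuration text: one UDP and one TCP listener on the
# collector port, both bound to a ruleset that writes only to the Ubiquiti file
# and then stops, so UniFi lines do not also land in /var/log/syslog.
render_ubiquiti_conf() {
    cat <<EOF
# Ubiquiti collector: listen on UDP/TCP ${UBIQUITI_PORT}, write to a dedicated file
module(load="imudp")
module(load="imtcp")
input(type="imudp" port="${UBIQUITI_PORT}" ruleset="ubiquiti")
input(type="imtcp" port="${UBIQUITI_PORT}" ruleset="ubiquiti")
ruleset(name="ubiquiti") {
    action(type="omfile" file="${UBIQUITI_LOG}")
    stop
}
EOF
}

# Write the drop-in into DIR (default /etc/rsyslog.d) and print its path.
write_ubiquiti_conf() {
    dir="${1:-/etc/rsyslog.d}"
    mkdir -p "$dir"
    render_ubiquiti_conf > "$dir/ubiquiti.conf"
    printf '%s\n' "$dir/ubiquiti.conf"
}

# Structural check of a written drop-in: the expected port and output file
# must both be present. Returns 0 on success, 1 otherwise.
check_ubiquiti_conf() {
    grep -q "port=\"${UBIQUITI_PORT}\"" "$1" || return 1
    grep -q "file=\"${UBIQUITI_LOG}\"" "$1" || return 1
    return 0
}

# Optional full syntax check with rsyslogd itself (needs rsyslog installed).
lint_with_rsyslogd() {
    command -v rsyslogd >/dev/null 2>&1 || { echo "rsyslogd not installed"; return 0; }
    rsyslogd -N1 -f "$1"
}

# After "systemctl restart rsyslog": is the port open and are lines arriving?
verify_collector() {
    ss -Hlnu "sport = :${UBIQUITI_PORT}" | grep -q . && echo "udp ${UBIQUITI_PORT} listening"
    [ -s "${UBIQUITI_LOG}" ] && tail -n 3 "${UBIQUITI_LOG}"
}
```

Run `write_ubiquiti_conf` as root, restart rsyslog, point the UniFi controller's remote syslog at the collector on 22022, then use `verify_collector` to confirm the listener is up and lines are landing before checking the table in Sentinel with the UbiquitiAuditEvent parser.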

Connect with me!
Twitter - @teachjing

Check out the other videos in the Azure Sentinel Lab Series playlist.

Become an Azure Sentinel Ninja: The complete level 400 training
https://techcommunity.microsoft.com/t...

It is not required, but please watch the KQL Tutorial Series playlist so you know how to query your logs after it's all working.
