Just a collection of templates, scripts, configuration files and testing observations to make my life easier. This is part of my own GitHub repository (and one of the few I make public), so use the content and scripts here at your own risk :)
Integrating Sentinel and Home Infrastructure
As my home network continues to grow and more and more IoT devices are added, I felt the need to improve my home security posture and, frankly, to have better visibility into what is going on in my network.
My IoT VLAN can reach the internet but has no access to my Trusted VLAN, except for mDNS broadcasts which, thanks to Avahi, allow me to control my IoT devices when I am at home. This is all ultimately controlled by pfSense running on my Netgate SG-1100.
So the idea is to start shipping my pfSense logs to Microsoft Sentinel, where I can better monitor my network and detect suspicious activity.
Microsoft Sentinel provides Pay-As-You-Go pricing, currently at $2.46 per GB ingested, which should keep costs minimal for my home use and give me a lot of flexibility to create rules, orchestration and automation.
I will be deploying a syslog server on Azure, which lets me scale the solution and also forward syslog events from some key servers and applications I host locally. My syslog data will be stored in a Log Analytics workspace that will, in the end, be connected to Sentinel for ingestion and analysis.
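As an added example (not from the original post, and not pfSense's or Sentinel's own code), here is a small Python parser for pfSense filterlog syslog lines together with the detection check the setup above is meant to support: any IoT VLAN host reaching into the Trusted VLAN, whether the firewall blocked it (a probing device worth looking at) or passed it (a gap in the VLAN rules). The subnets (192.168.20.0/24 for IoT, 192.168.10.0/24 for Trusted), the interface name and every log line are constructed placeholders; the CSV field order is pfSense's filterlog format as I know it and should be checked against your own pfSense version, since only IPv4 TCP/UDP is handled here.

```python
"""Parse pfSense filterlog lines and flag IoT -> Trusted VLAN traffic.

Added example, not from the original post. Assumptions (labelled):
- IoT VLAN 192.168.20.0/24, Trusted VLAN 192.168.10.0/24 are placeholder
  subnets, not the author's real ones.
- Field layout: rule,sub-rule,anchor,tracker,interface,reason,action,
  direction,ip-version, then IPv4 header fields (tos,ecn,ttl,id,offset,
  flags,proto-id,proto-text,length,src,dst), then src-port,dst-port for
  TCP/UDP. Verify against your pfSense version.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

IOT_NET = ipaddress.ip_network("192.168.20.0/24")      # assumed
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed

# Everything after "filterlog[pid]: " is the comma-separated event.
_FILTERLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.*)$")


@dataclass
class FilterEvent:
    interface: str
    action: str      # "pass" or "block"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp", "icmp", ...
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    src_port: Optional[int]
    dst_port: Optional[int]


def parse_filterlog(line: str) -> Optional[FilterEvent]:
    """Return a FilterEvent for an IPv4 filterlog line, else None."""
    m = _FILTERLOG_RE.search(line)
    if not m:
        return None  # some other syslog message
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":
        return None  # IPv6 or truncated line: not handled in this example
    proto = f[16].lower()
    src_port = dst_port = None
    if proto in ("tcp", "udp") and len(f) >= 22:
        src_port, dst_port = int(f[20]), int(f[21])
    return FilterEvent(
        interface=f[4], action=f[6], direction=f[7], proto=proto,
        src=ipaddress.ip_address(f[18]), dst=ipaddress.ip_address(f[19]),
        src_port=src_port, dst_port=dst_port,
    )


def is_cross_vlan(ev: FilterEvent) -> bool:
    """IoT source talking to a Trusted VLAN address.

    The permitted mDNS exception goes to multicast 224.0.0.251, which is
    outside the Trusted subnet, so it never matches here.
    """
    return ev.src in IOT_NET and ev.dst in TRUSTED_NET


def summarize(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Per IoT source IP, count cross-VLAN events by firewall action."""
    hits: Dict[str, Counter] = {}
    for line in lines:
        ev = parse_filterlog(line)
        if ev is not None and is_cross_vlan(ev):
            hits.setdefault(str(ev.src), Counter())[ev.action] += 1
    return {src: dict(c) for src, c in hits.items()}


# Constructed sample lines in pfSense filterlog format (placeholder data).
SAMPLE_LOGS = [
    # one IoT host probing SSH, SMB and RDP on a Trusted host: all blocked
    "<134>Mar 10 09:15:01 pfsense filterlog[21532]: 5,,,1000000103,mvneta0.20,match,block,in,4,0x0,,64,51234,0,DF,6,tcp,60,192.168.20.50,192.168.10.10,44321,22,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale",
    "<134>Mar 10 09:15:02 pfsense filterlog[21532]: 5,,,1000000103,mvneta0.20,match,block,in,4,0x0,,64,51235,0,DF,6,tcp,60,192.168.20.50,192.168.10.10,44322,445,0,S,1234567891,,65535,,mss;sackOK;TS;nop;wscale",
    "<134>Mar 10 09:15:03 pfsense filterlog[21532]: 5,,,1000000103,mvneta0.20,match,block,in,4,0x0,,64,51236,0,DF,6,tcp,60,192.168.20.50,192.168.10.10,44323,3389,0,S,1234567892,,65535,,mss;sackOK;TS;nop;wscale",
    # permitted mDNS multicast from an IoT device: not cross-VLAN
    "<134>Mar 10 09:15:05 pfsense filterlog[21532]: 12,,,1000000201,mvneta0.20,match,pass,in,4,0x0,,255,0,0,none,17,udp,200,192.168.20.77,224.0.0.251,5353,5353,180",
    # normal IoT internet traffic (203.0.113.5 is a documentation address)
    "<134>Mar 10 09:15:06 pfsense filterlog[21532]: 12,,,1000000201,mvneta0.20,match,pass,in,4,0x0,,64,1111,0,DF,6,tcp,60,192.168.20.77,203.0.113.5,50120,443,0,S,1234567893,,65535,,mss;sackOK;TS;nop;wscale",
    # an IoT host that was PASSED into the Trusted VLAN: a rule gap
    "<134>Mar 10 09:15:07 pfsense filterlog[21532]: 14,,,1000000305,mvneta0.20,match,pass,in,4,0x0,,64,2222,0,DF,6,tcp,60,192.168.20.90,192.168.10.20,40000,8080,0,S,1234567894,,65535,,mss;sackOK;TS;nop;wscale",
    # unrelated syslog noise is ignored
    "<38>Mar 10 09:15:08 pfsense sshd[911]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for src, actions in summarize(SAMPLE_LOGS).items():
        print(src, actions)
```

Once the same lines land in the Log Analytics workspace, the two cases this script separates (blocked IoT probes versus passed IoT-to-Trusted flows) are the natural starting point for two Sentinel analytics rules, the second of which should fire on a single event because it indicates a firewall rule that is not doing what the VLAN design intends.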