NSS Connection to Azure Sentinel

Hello Everyone,

Can we use NSS Server as a syslog server to send traffic to Azure Sentinel? Or is NSS server used to connect to Microsoft MCAS only? Or would I need to deploy another Linux syslog server and send traffic to Azure Sentinel?


You can use the NSS to stream logs in many different formats to many different solutions.
You just need to pick the correct options. I think you can have up to 16 (or is it 8?) feeds per NSS.

Hi @DTheMan

An additional Linux VM is required as the data connector between NSS and Sentinel - refer to the below document (Step.3):

I think there is a cloud NSS deployment as well, but last I heard, it wasn’t available for use with Sentinel yet.
