
Monitoring: Leverage GSA Sentinel integration

Implementation Effort: Low

User Impact: Low

Overview

Global Secure Access integrates with Microsoft Sentinel, letting organizations stream network traffic logs, audit logs, and alerts directly into Sentinel. This integration uses Microsoft Entra diagnostic settings and a Global Secure Access content hub package with preconfigured workbooks and analytics rules to enhance security monitoring and visualization. By correlating GSA data with other Microsoft security solutions, such as the Defender suite, Entra, and Microsoft 365, organizations can strengthen their overall security posture. For example:

  • Microsoft 365 activity logs can be enriched with device and original source IP information from GSA.
  • GSA traffic can be correlated with user risk signals from Entra ID Protection.
  • GSA logs can incorporate threat intelligence from Microsoft or third-party sources.

This empowers Security Operations Center (SOC) teams to analyze and act on GSA data, even without direct access to Entra.
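As an added illustration of the second correlation above (GSA traffic with Entra ID Protection risk signals), the following KQL hunting query is an example written for this page, not one of the analytics rules shipped in the content hub package. It assumes the GSA traffic logs land in the `NetworkAccessTraffic` table and the risk detections in `AADUserRiskEvents`, with the column names used below; the one-day lookback and one-hour window are arbitrary values to tune.

```kql
// Added example: what did a user reach through GSA in the hour after
// Entra ID Protection flagged them as medium or high risk?
// Assumption: both diagnostic categories are streamed to this workspace
// and the tables use the column names referenced here.
let lookback = 1d;        // assumed hunting window
let riskWindow = 1h;      // assumed follow-up window after each detection
let riskyUsers =
    AADUserRiskEvents
    | where TimeGenerated > ago(lookback)
    | where RiskLevel in ("medium", "high") and RiskState == "atRisk"
    | project RiskTime = TimeGenerated,
              UserPrincipalName = tolower(UserPrincipalName),
              RiskLevel,
              RiskEventType,
              RiskIp = IpAddress;
NetworkAccessTraffic
| where TimeGenerated > ago(lookback)
| extend UserPrincipalName = tolower(UserPrincipalName)
| join kind=inner riskyUsers on UserPrincipalName
// Keep only traffic that follows the risk detection within the window.
| where TimeGenerated between (RiskTime .. (RiskTime + riskWindow))
| summarize Connections  = count(),
            Destinations = make_set(DestinationFqdn, 25),
            SourceIps    = make_set(SourceIp, 10),
            Devices      = make_set(DeviceId, 10)
    by UserPrincipalName, RiskLevel, RiskEventType, RiskIp, RiskTime
| order by RiskTime desc
```

Comparing `RiskIp` with the `SourceIps` set shows whether the flagged sign-in came from the same address as the user's GSA client traffic.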

Reference