topic Microsoft Azure Sentinel integration with Splunk? in All Apps and Add-ons https://community.splunk.com/t5/All-Apps-and-Add-ons/Microsoft-Azure-Sentinel-integration-with-Splunk/m-p/470613#M57822 <P>Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk? </P> <P>I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk. </P> <P>It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk it would be good if there was a way to integrate the curated information from Sentinel into Splunk.</P> <P>I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.</P> <P>Thanks.</P> Tue, 11 Feb 2020 19:08:49 GMT isfleming 2020-02-11T19:08:49Z Microsoft Azure Sentinel integration with Splunk? https://community.splunk.com/t5/All-Apps-and-Add-ons/Microsoft-Azure-Sentinel-integration-with-Splunk/m-p/470613#M57822 <P>Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk? </P> <P>I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk. </P> <P>It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk it would be good if there was a way to integrate the curated information from Sentinel into Splunk.</P> <P>I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.</P> <P>Thanks.</P> Tue, 11 Feb 2020 19:08:49 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Microsoft-Azure-Sentinel-integration-with-Splunk/m-p/470613#M57822 isfleming 2020-02-11T19:08:49Z Re: Microsoft Azure Sentinel integration with Splunk? https://community.splunk.com/t5/All-Apps-and-Add-ons/Microsoft-Azure-Sentinel-integration-with-Splunk/m-p/470614#M57823 <P>The Microsoft Graph Security API Add-On for Splunk can get these events.</P> <P><A href="https://splunkbase.splunk.com/app/4564/">https://splunkbase.splunk.com/app/4564/</A></P> Tue, 11 Feb 2020 19:24:11 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Microsoft-Azure-Sentinel-integration-with-Splunk/m-p/470614#M57823 jconger 2020-02-11T19:24:11Z