All Apps and Add-ons

Microsoft Azure Sentinel integration with Splunk?

isfleming
Explorer

Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk?

I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk.

It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk it would be good if there was a way to integrate the curated information from Sentinel into Splunk.

I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.

Thanks.

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

View solution in original post

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...