All Apps and Add-ons

Microsoft Azure Sentinel integration with Splunk?

isfleming
Explorer

Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk?

I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk.

It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk it would be good if there was a way to integrate the curated information from Sentinel into Splunk.

I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.

Thanks.

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

View solution in original post

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...