All Apps and Add-ons

Microsoft Azure Sentinel integration with Splunk?

isfleming
Explorer

Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk?

I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk.

It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk it would be good if there was a way to integrate the curated information from Sentinel into Splunk.

I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.

Thanks.

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

View solution in original post

jconger
Splunk Employee
Splunk Employee

The Microsoft Graph Security API Add-On for Splunk can get these events.

https://splunkbase.splunk.com/app/4564/

View solution in original post

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!