Does anyone know if there is a way to integrate Microsoft Azure Sentinel with Splunk?
I'm specifically looking for events of interest/alerts/indicators from Sentinel into Splunk.
It appears that the Microsoft Azure Add-on for Splunk provides access to many aspects of Azure including Security Center, but I don't see anything specifically for Sentinel. Presumably Sentinel would take these various feeds and apply the Microsoft secret sauce to them to provide insight. Rather than having to reverse-engineer or build new in Splunk, it would be good if there was a way to integrate the curated information from Sentinel into Splunk.
I can't seem to find any information on a Sentinel API. There are data connectors to get data into Sentinel but I can't seem to find anything on getting data out.
Thanks.
The Microsoft Graph Security API Add-On for Splunk can get these events.
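To show what "getting Sentinel alerts into Splunk via the Graph Security API" looks like in practice, here is an added example that is not code from the Microsoft Graph Security API Add-On, from Microsoft, or from the original thread. It assumes the alert list has already been fetched from the Graph Security API alerts endpoint (`GET https://graph.microsoft.com/v1.0/security/alerts`) and shapes that JSON into Splunk HTTP Event Collector events, filtering on the alert's `vendorInformation.provider` and skipping alert ids already ingested. The sample response, the provider string "Azure Sentinel", the index name and the sourcetype are all constructed assumptions.

```python
"""Turn Microsoft Graph Security API alerts into Splunk HEC events.

Added example, not code from the Splunk add-on or from Microsoft. It assumes
the alerts JSON has already been retrieved from the Graph Security API and
works on that body offline; the sample response below is constructed.
"""
import json
from datetime import datetime, timezone

# Constructed sample of a Graph Security API alerts response (field names
# follow the v1.0 alert resource; the provider strings are assumptions).
SAMPLE_GRAPH_RESPONSE = {
    "value": [
        {
            "id": "constructed-alert-0001",
            "title": "Sign-in from anonymous IP address",
            "category": "InitialAccess",
            "severity": "high",
            "status": "newAlert",
            "createdDateTime": "2021-03-04T12:34:56Z",
            "vendorInformation": {"vendor": "Microsoft", "provider": "Azure Sentinel"},
            "userStates": [{"userPrincipalName": "user@example.com"}],
        },
        {
            "id": "constructed-alert-0002",
            "title": "Malware detected on endpoint",
            "category": "Malware",
            "severity": "medium",
            "status": "resolved",
            "createdDateTime": "2021-03-04T13:00:00Z",
            "vendorInformation": {"vendor": "Microsoft", "provider": "Microsoft Defender ATP"},
            "userStates": [],
        },
    ]
}

# Ordering used to apply a minimum-severity threshold on the Splunk side.
SEVERITY_RANK = {"unknown": 0, "informational": 1, "low": 2, "medium": 3, "high": 4}


def filter_alerts(response, provider, min_severity="low"):
    """Keep alerts raised by one provider at or above a severity threshold."""
    threshold = SEVERITY_RANK[min_severity]
    kept = []
    for alert in response.get("value", []):
        vendor = alert.get("vendorInformation") or {}
        if vendor.get("provider") != provider:
            continue
        if SEVERITY_RANK.get(alert.get("severity", "unknown"), 0) < threshold:
            continue
        kept.append(alert)
    return kept


def to_hec_event(alert, index="security", sourcetype="ms:graph:security:alert"):
    """Map one Graph alert onto the HEC event envelope (index/sourcetype assumed)."""
    created = datetime.strptime(alert["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
    created = created.replace(tzinfo=timezone.utc)
    return {
        "time": created.timestamp(),          # HEC expects epoch seconds
        "host": "graph.microsoft.com",
        "source": alert["vendorInformation"]["provider"],
        "sourcetype": sourcetype,
        "index": index,
        "event": {
            "alert_id": alert["id"],
            "title": alert.get("title"),
            "category": alert.get("category"),
            "severity": alert.get("severity"),
            "status": alert.get("status"),
            "users": [u.get("userPrincipalName") for u in alert.get("userStates", [])],
        },
    }


def build_hec_batch(response, provider, seen_ids, min_severity="low"):
    """Return (body, events) for alerts not yet ingested.

    body is the newline-delimited JSON a poller would POST to
    /services/collector/event; seen_ids is updated in place so a repeated
    poll of the same page does not re-index the same alert.
    """
    events = []
    for alert in filter_alerts(response, provider, min_severity):
        if alert["id"] in seen_ids:
            continue
        seen_ids.add(alert["id"])
        events.append(to_hec_event(alert))
    return "\n".join(json.dumps(e, sort_keys=True) for e in events), events


if __name__ == "__main__":
    already_ingested = set()
    body, _ = build_hec_batch(SAMPLE_GRAPH_RESPONSE, "Azure Sentinel", already_ingested)
    print(body)
```

The dedupe on `id` matters because the add-on polls the alerts endpoint on an interval; without tracking ingested ids the same alert lands in the index on every poll and inflates alert counts in dashboards.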