Posted by: kurtsh | March 10, 2020

INFO: Azure Sentinel Side-by-Side with Splunk

imageGot Splunk?  Interested in ingesting Azure Sentinel alerts?

As most of the enterprises consume more and more cloud services, there is a huge requirement for Cloud-Native SIEM where Azure Sentinel comes in play and has following advantages.

  • Easy collection from cloud sources
  • Effortless infinite scale
  • Integrated automation capabilities
  • Continually maintained cloud and onprem use cases enhanced with Microsoft TI and ML
  • Github community
  • Microsoft research and ML capabilities
  • Avoid sending cloud telemetry downstream

If you need to focus on Splunk as your aggregation point, the post below has the focus of ingesting Azure Sentinel alerts into Splunk by using the Microsoft Graph Security API.

Read this article for more:


%d bloggers like this: