Got Splunk? Interested in ingesting Azure Sentinel alerts?
As enterprises consume more and more cloud services, there is a growing need for a cloud-native SIEM. This is where Azure Sentinel comes into play, with the following advantages:
- Easy collection from cloud sources
- Effortless infinite scale
- Integrated automation capabilities
- Continually maintained cloud and on-premises use cases, enhanced with Microsoft threat intelligence (TI) and ML
- GitHub community
- Microsoft research and ML capabilities
- Avoid sending cloud telemetry downstream
If Splunk has to remain your aggregation point, the post linked below shows how to ingest Azure Sentinel alerts into Splunk using the Microsoft Graph Security API, so that Sentinel's detections reach Splunk without the underlying cloud telemetry being forwarded.
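As an added example (not code from the linked Microsoft article), the skeleton of that integration in Python: a poller that authenticates to Azure AD with the client-credentials flow, pulls alerts from the Graph Security API `/v1.0/security/alerts` endpoint with an OData time filter and `@odata.nextLink` pagination, de-duplicates on alert id, and pushes the alerts to Splunk's HTTP Event Collector (HEC). It assumes an Azure AD app registration granted the `SecurityEvents.Read.All` application permission and a Splunk HEC token; the environment variable names, the `azure_sentinel` index, the `graph:security:alert` sourcetype and the sample alert are all assumptions made for the example.

```python
"""Poll Azure Sentinel alerts from the Microsoft Graph Security API and forward
them to Splunk HEC. Added example, not from the linked article.

Assumptions: an Azure AD app with the SecurityEvents.Read.All application
permission (admin-consented) using the client-credentials grant; a Splunk HEC
token; environment-variable names, index and sourcetype are chosen here.
"""
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
GRAPH_ALERTS = "https://graph.microsoft.com/v1.0/security/alerts"


def parse_graph_time(value):
    """Graph emits ISO-8601 UTC with up to 7 fractional digits, which
    datetime.fromisoformat rejects on older Pythons; truncate to seconds."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def build_alert_query(since, page_size=100):
    """OData query string: alerts created at/after `since`, oldest first."""
    stamp = since.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return urllib.parse.urlencode({
        "$filter": f"createdDateTime ge {stamp}",
        "$orderby": "createdDateTime asc",
        "$top": page_size,
    })


def get_graph_token(tenant, client_id, client_secret):
    """OAuth2 client-credentials grant against the Azure AD v2.0 token endpoint."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": GRAPH_SCOPE,
    }).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def fetch_alerts(token, since):
    """Yield alerts page by page, following @odata.nextLink until it is absent."""
    url = f"{GRAPH_ALERTS}?{build_alert_query(since)}"
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")


def select_new(alerts, seen_ids):
    """Drop alerts already forwarded: the 'ge' filter re-returns the boundary
    alert on the next poll, so dedupe on alert id. Mutates seen_ids."""
    fresh = []
    for alert in alerts:
        if alert["id"] not in seen_ids:
            seen_ids.add(alert["id"])
            fresh.append(alert)
    return fresh


def to_hec_event(alert, index="azure_sentinel", sourcetype="graph:security:alert"):
    """Wrap one alert in the HEC envelope, timestamped at alert creation time
    rather than at forwarding time so Splunk searches line up with Sentinel."""
    return {
        "time": parse_graph_time(alert["createdDateTime"]).timestamp(),
        "host": alert.get("azureTenantId", "unknown"),
        "source": alert.get("vendorInformation", {}).get("provider", "unknown"),
        "sourcetype": sourcetype,
        "index": index,
        "event": alert,
    }


def hec_payload(events):
    """HEC accepts several JSON objects concatenated in a single POST body."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events)


def post_to_hec(hec_url, hec_token, payload):
    """POST to <splunk>:8088/services/collector/event using the 'Splunk <token>' scheme."""
    req = urllib.request.Request(hec_url, data=payload.encode(), method="POST", headers={
        "Authorization": f"Splunk {hec_token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # {"text": "Success", "code": 0} when accepted


# Constructed sample alert: field names follow the Graph v1.0 alert resource, values invented.
SAMPLE_ALERT = {
    "id": "alert-0001", "createdDateTime": "2020-03-04T12:00:00.1234567Z",
    "title": "Suspicious sign-in", "severity": "medium", "status": "newAlert",
    "azureTenantId": "00000000-0000-0000-0000-000000000000",
    "vendorInformation": {"provider": "Azure Sentinel", "vendor": "Microsoft"},
}


def main():
    token = get_graph_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                            os.environ["AZURE_CLIENT_SECRET"])
    since = datetime.now(timezone.utc) - timedelta(hours=1)  # persist this between runs
    events = [to_hec_event(a) for a in select_new(fetch_alerts(token, since), set())]
    if events:
        print(post_to_hec(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"],
                          hec_payload(events)))


if __name__ == "__main__":
    main()
```

In production the `since` checkpoint and the seen-id set need to be persisted (a file or a KV store), and Graph alerts are updated in place as their status changes, so a poller that also wants status updates should key on `lastModifiedDateTime` instead of `createdDateTime` and let Splunk keep the history.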
Read the full article for details:
- INFO: Azure Sentinel Side-by-Side with Splunk
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1211266