Forum Discussion
Craig_Ob (Copper Contributor)
Dec 02, 2019
Defender ATP SIEM alien vault
Has anyone integrated an AlienVault SIEM connection with Defender ATP and the Security Center?
With our last solution we had to export the data from Sophos and manually load it into the SIEM.
- Thijs Lecomte (Bronze Contributor)
What kind of imports do you have in AlienVault?
Does it support a custom API?
Otherwise you could spin up Sentinel and tell Sentinel to redirect logs to your SIEM.
- Craig_Ob (Copper Contributor)
OK, thanks for that input. Are you referring to Azure Sentinel and having them parse into the SIEM? Would you happen to have any info on this process, as this is a major part of our PCI requirements? With our old system (Sophos Cloud) we manually exported the logs and they were imported into the Vault device.
- Thijs Lecomte (Bronze Contributor)
You would need a custom API though.
Check this out: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Export-data-from-sentinel-to-external-systems/m-p/891151