Forum Discussion
Craig_Ob
Dec 02, 2019 Copper Contributor
Defender ATP SIEM alien vault
Has anyone integrated an AlienVault SIEM connection with Defender ATP and the Security Center? With our last solution we had to export the data from Sophos and manually load it into the SIEM.
Craig_Ob
Dec 04, 2019 Copper Contributor
OK, thanks for that input. Are you referring to Azure Sentinel and have them parse into the SIEM? Would you happen to have any info on this process, as this is a major part of our PCI requirements? With our old system (Sophos Cloud) we manually exported the logs and they were imported into the Vault device.
Thijs Lecomte
Dec 05, 2019 Bronze Contributor
You would need a custom API though.
Check this out: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Export-data-from-sentinel-to-external-systems/m-p/891151