Integrating on premises SIEM with microsoft casb

Question

I am looking for the solution integrating on premises SIEM with existing&nbsp; micsroft CaSB and viewing the incident and event of on premises devices on CASB. Is this possible ?

joe stocker · Answer

I don't think it is possible to ingest your SIEM into M365 Defender, however, you can ingest it into Sentinel. https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format#supported-architectures

dean_gross · Answer

It depends on your SIEM, see https://docs.microsoft.com/en-us/defender-cloud-apps/siem

jemson4u · Answer

Thanks Dean for your reply much appreciated I have gone through the document,but I was looking other way around ingesting that logs from SIEM to cloud app portal SIEM is Fortisiem which will help us to see alerts and incidents on Microsoft defender

jemson4u · Answer

Thanks Joe, we were looking for a solution to make use of our existing siem with microsoft defender

Forum Discussion

Integrating on premises SIEM with microsoft casb

4 Replies

Resources