Forum Discussion
3rd Party Alert Ingestion into Sentinel as SIEM
Hi Cals,
Your question is quite broad. I'd suggest you create a bullet-point list of your requirements, and then that list can be compared to the features in Sentinel.
Some thoughts on your challenge:
- Take a look at the supported device feeds. It's a long list and you'll probably be happy with this level of support for 90% of your log sources.
- For custom log sources:
  - Syslog - should be pretty easy to parse and produce alerts/incidents. You'll need to learn how to set up a syslog collector with the AMA agent for this, and you'll need to learn some KQL for the parsing - very short learning curve.
  - APIs - for API-related log sources you'll need to use Azure Functions or Logic Apps. This will be a bigger learning curve than syslog, so be prepared to spend some time on this or hire a contractor to get it done faster.
- SOAR capabilities - if you need custom SOAR actions to process your incidents, again this will be Logic Apps. Although this is mostly a no-code solution, there is a learning curve just like any SOAR tool.
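As an added illustration of the "learn some KQL for the parsing" point above (this is editorial example code, not part of the original post and not Microsoft's own content), here is the shape of a scheduled analytics rule query that turns raw syslog lines in Sentinel's `Syslog` table into an alert. `TimeGenerated`, `Computer`, `Facility`, `ProcessName` and `SyslogMessage` are the standard columns of that table; the OpenSSH message format being parsed and the 10-failures-in-5-minutes threshold are assumptions you would tune for your own environment.

```kusto
// Added example: surface repeated failed SSH logins per source address from the Sentinel Syslog table.
// Assumes the OpenSSH wording "Failed password for [invalid user ]<user> from <ip> port <port> ssh2";
// the threshold (10 failures within a 5-minute bin) is an assumed tuning value, not a recommendation.
Syslog
| where TimeGenerated > ago(1h)
| where Facility in ("auth", "authpriv") and ProcessName == "sshd"
| where SyslogMessage has "Failed password for"
// Normalise both message variants so "invalid user bob" and "bob" land in the same field
| extend Line = replace_string(SyslogMessage, "invalid user ", "")
// Positional parse: everything before the literal is skipped (*), typed capture for the port
| parse Line with * "Failed password for " TargetUser " from " SrcIp " port " SrcPort:int " ssh2" *
| where isnotempty(SrcIp)
| summarize FailedAttempts = count(),
            DistinctUsers  = dcount(TargetUser),
            FirstSeen      = min(TimeGenerated),
            LastSeen       = max(TimeGenerated)
    by Computer, SrcIp, bin(TimeGenerated, 5m)
| where FailedAttempts >= 10
| project FirstSeen, LastSeen, Computer, SrcIp, FailedAttempts, DistinctUsers
```

In the analytics rule wizard this would run on a 5-minute schedule with a 1-hour lookback, with `SrcIp` mapped to the IP entity and `Computer` to the Host entity so that the resulting incident carries the entities a Logic Apps playbook can act on. The `parse` operator is the part with the short learning curve the post mentions: once a message format is pinned down, the same pattern (filter, parse, summarize, threshold) covers most custom syslog sources.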