Forum Discussion
Sand_Sentinel87
May 30, 2024
Copper Contributor
Database Integration with Sentinel
Hi All,
I am quite new to the Sentinel platform but not new to SIEM.
How do I integrate database (any, like Oracle, MsSql, etc.) audit or application logs, which are in a different table other than audit, whether it is on-prem, in Azure or in another cloud, with Sentinel?
I do not see official data connectors for databases like there are in Splunk, ArcSight, etc.
- Rod_Trent
Microsoft
Sentinel utilizes its own data and data structure (Log Analytics), which is more efficient and more performant than legacy database types. You can ingest data from various sources into Sentinel to enable Sentinel to analyze and alert on security indicators. See the following, which includes ingesting custom data types:
https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources?tabs=azure-portal
You can migrate Splunk and ArcSight to Sentinel.
See the following for Splunk: https://learn.microsoft.com/en-us/azure/sentinel/migration-splunk-detection-rules
See the following for ArcSight: https://learn.microsoft.com/en-us/azure/sentinel/migration-arcsight-detection-rules