Forum Discussion
Victor1989
Jan 13, 2023, Copper Contributor
log ingestion, analytic rules creation for sentinel (trend micro, Forcepoint DLP, UpGuard BreachSit
Hi Community, need help in log ingestion and analytic use case creation for sentinel for below devices. VPN Devices Cisco FTD WLC Cisco Email Logs iron port Cisco Trend Micro XD...
Clive_Watson
Jan 13, 2023, Bronze Contributor
Trend Apex One comes with Rules to try:
The Forcepoint DLP Solution in Sentinel doesn't have any Rules, but there is a Workbook, so I'd look at the queries it uses as a starting point: Azure-Sentinel/ForcepointDLP.json at ea0af641f3bd9aafea98d373e4346d1cbd5833c1 · Azure/Azure-Sentinel (github.com)
This is an area I'd love to see Microsoft and the vendors improve. I think the minimum requirement to get a Solution accepted into Sentinel should be one Analytic Rule (unless the data source supports a released ASIM parser).
For the others I'd typically look for a similar product that has Use cases and adapt those.
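To illustrate the approach in the reply above (lift a workbook-style query and turn it into a scheduled rule), here is an added example of a Sentinel analytics rule in the layout the Azure-Sentinel repo uses; it is not taken from the repo, the Forcepoint solution, or the thread. The table name ForcepointDLPEvents_CL, the connectorId, and the column names Severity_s, Action_s and Source_IP_s are assumptions and must be checked against the workbook JSON and the schema actually ingested in your workspace.

```yaml
# Added example, not part of the Azure-Sentinel repo or the Forcepoint solution.
# ASSUMPTIONS: ForcepointDLPEvents_CL, the connectorId and the *_s column names
# are placeholders; confirm them from the workbook queries and your own data.
id: 00000000-0000-0000-0000-000000000000   # replace with a freshly generated GUID
name: Forcepoint DLP - high severity violation not blocked
description: |
  Alerts when Forcepoint DLP reports a high-severity policy violation in the
  last hour whose enforcement action was anything other than a block,
  grouped by the source IP that triggered it. Built from a workbook-style
  query so the same filters the workbook visualises become an alert.
severity: High
requiredDataConnectors:
  - connectorId: ForcepointDlp        # assumption: check the solution's connector id
    dataTypes:
      - ForcepointDLPEvents_CL        # assumption: check the workbook JSON
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
  - Exfiltration
relevantTechniques:
  - T1048
query: |
  ForcepointDLPEvents_CL
  | where TimeGenerated > ago(1h)
  | where Severity_s =~ "High"         // assumption: severity column name
  | where Action_s !~ "Blocked"        // assumption: action column and value
  | summarize Count = count(),
              FirstSeen = min(TimeGenerated),
              LastSeen = max(TimeGenerated)
            by Source_IP_s, Action_s   // assumption: source IP column name
  | extend IPCustomEntity = Source_IP_s
entityMappings:
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
version: 1.0.0
kind: Scheduled
```

Run the query alone in Logs first: if it returns no columns or errors on a field name, the assumed schema differs from yours and the where/summarize clauses need to be re-pointed before the rule is saved.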