Forum Discussion
ChokroHyd (Copper Contributor)
Nov 07, 2023
Menlo and Archer integration with Microsoft Sentinel
We have two scenarios:
1- We want to integrate the Menlo Security tool with Microsoft Sentinel, and it looks like there isn't any built-in connector or, as a matter of fact, any material out there.
2- We also want to integrate Sentinel with Archer (so Sentinel can send incident/alert data to Archer), a risk management tool with ticketing capability.
Could you guys please advise how this can be achieved? I know a custom connector build would be the answer, but has anyone achieved this already? Any tips or suggestions?
- Clive_Watson (Bronze Contributor)
2. I'd assume Archer has an API; you could use the HTTP control in a Logic App (Playbook) to talk to the API, and follow the process used for other ticketing systems. One example: https://github.com/Azure/Azure-Sentinel/tree/51b0fe8ba764c74e2fa6ec136166443204c8b51c/Solutions/AtlassianJiraAudit/Playbooks/Jira-CreateAndUpdateIssue
I've assumed Archer doesn't have a Logic App item, but haven't checked.
- ChokroHyd (Copper Contributor)
Thanks Clive for the reply. Would this be a cost-effective way, as I have read in Microsoft material that "Logic App wouldn't be cost effective if there is large volume of data involved"?