Sending logs from one tenant to a different tenant Sentinel instance
pavankemi That would be because I told you the wrong connector name. Sorry. It is actually the "Azure Log Analytics Data Collector" connector that you want to use.
- I would use Azure Functions and not Logic Apps, as Logic Apps cost may become prohibitive.
- It is not a simple project. We have customers doing that, but there is an inherent effort both in the custom connectors and in modifying queries to work with it. Also, with custom connectors, free sources are no longer free.
To try to best help: why do you need to move all data to a central tenant?
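The forwarding approach discussed above ends in a signed POST to the destination workspace's HTTP Data Collector API. The sketch below is an added example, not code from the thread or from Microsoft, showing how a function in the source tenant would build that request. The workspace ID, key, log type name and sample record are constructed placeholders.

```python
import base64, hashlib, hmac, json, re
from email.utils import formatdate

API_PATH = "/api/logs"
API_VERSION = "2016-04-01"
# Constructed placeholders: not a real workspace ID or key.
# In a real deployment the destination workspace key belongs in a secret store.
DEMO_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
DEMO_RECORDS = [{"TimeGenerated": "2021-03-09T12:00:00Z",
                 "UserPrincipalName": "user@vendor.example", "ResultType": "0"}]

def destination_table(log_type):
    """Validate the Log-Type header value and return the custom table it lands in."""
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError("Log-Type allows only letters, digits and underscore")
    return log_type + "_CL"

def build_signature(workspace_id, shared_key_b64, date_rfc1123, content_length):
    """SharedKey authorization: HMAC-SHA256 over the canonical request string."""
    string_to_sign = (f"POST\n{content_length}\napplication/json\n"
                      f"x-ms-date:{date_rfc1123}\n{API_PATH}")
    key = base64.b64decode(shared_key_b64)  # the workspace key is base64 text
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(workspace_id, shared_key_b64, log_type, records, date_rfc1123=None):
    """Return (url, headers, body) for one batch; sending it is left to the caller."""
    destination_table(log_type)  # reject invalid names before signing
    body = json.dumps(records).encode("utf-8")
    date_rfc1123 = date_rfc1123 or formatdate(usegmt=True)
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,
        "x-ms-date": date_rfc1123,
        "time-generated-field": "TimeGenerated",
        "Authorization": build_signature(workspace_id, shared_key_b64,
                                         date_rfc1123, len(body)),
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{API_PATH}?api-version={API_VERSION}")
    return url, headers, body

if __name__ == "__main__":
    url, headers, body = build_request(DEMO_WORKSPACE_ID, DEMO_KEY,
                                       "VendorTenantSignIn", DEMO_RECORDS)
    print(url)
    print({k: v for k, v in headers.items() if k != "Authorization"})
```

Records sent this way land in a custom table named after the log type with a `_CL` suffix, so queries written against the built-in tables need adapting. Microsoft has since deprecated the HTTP Data Collector API in favour of the Logs Ingestion API.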
- pavankemi, Mar 09, 2021, Brass Contributor
Ofer_Shezaf Thank you for the response. Customer has multiple tenants which are owned by Customer, but one tenant is being managed by the vendor. Customer needs the logs from the vendor-managed tenant sent to their tenant to centrally monitor. In short, the customer has few contractual obligations with the vendor, cannot deploy Lighthouse, and wants to go with log forwarding from Tenant 1 to Tenant 2.
- Ofer_Shezaf, Mar 09, 2021, Microsoft
First, it would be a large effort to just not use Lighthouse. However, any future support for cross-tenant collection will also use Lighthouse (though reverse Lighthouse). So the contractual issues will have to be resolved.
- AliAhmedDar, Oct 24, 2023, Copper Contributor
Ofer_Shezaf I have a similar scenario. Currently I am using Azure Lighthouse, where the Service Provider has access to certain resources in the Customer's tenant, but the Customer wants to receive the SP's auth logs to be aware of logins by the SP's employees. Can you share how we can do that?