Forum Discussion

Brass Contributor

Mar 04, 2021

Sending logs from one tenant to a different tenant Sentinel instance

Team, I have a scenario where logs from one tenant needs to be forwarded to another tenant LA workspace Sentinel. I know we have Azure lighthouse which can be used but customer requirement is to ...

Brass Contributor

Mar 05, 2021

Hi Gary.i was looking at the Azure monitor send data connector in logic apps but there is no such action listed under azure monitor. Am i doing something wrong

Bronze Contributor

Mar 05, 2021

pavankemi That would be because I told you the wrong connector name. Sorry. It is actually the "Azure Log Analytics Data Collector" connector that you want to use.

Ofer_Shezaf
Microsoft
Mar 08, 2021
pavankemi :

- I would use Azure functions and not Logic Apps, as Logic Apps cost may become prohibitive.

- It is not a simple project. We have customers doing that, but there is an inherent effort both in the custom connectors and modifying queries to work with it. Also, with custom connectors free sources are no longer free.

To try to best help: why do you need to move all data to a central tenant?
- pavankemi
  Brass Contributor
  Mar 09, 2021
  Ofer_Shezaf
  Thank you for the response. Customer has multiple tenants which are owned by Customer but one tenant is being managed by the vendor. Customer needs logs from the vendor managed tenant and send it to their Tenant to centrally monitor. In short, customer has few contractual obligations with the vendor and cannot deploy Lighthouse and wanted to go with logs forwarding from Tenant 1 to Tenant 2
  - Ofer_Shezaf
    Microsoft
    Mar 09, 2021
    pavankemi:
    
    First, it would be a large effort to just not use Lighthouse. However, any future support for cross tenant collection will also use Lighthouse (though reverse Lighthouse). So the contractual issues will have to be resolved.

Resources