Forum Discussion
Splunk logs on Azure Sentinel
- Jan 26, 2020
Anurag65, CliveWatson: we do see customers who prefer to reuse their existing collection infrastructure and hence send logs from a current SIEM to Sentinel. Splunk specifically supports forwarding events in CEF using the Splunk CEF app. You can also forward directly from a forwarder using syslog.
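The Splunk-to-Sentinel path described in the reply above, as an added example that is not part of the original thread and not the Splunk CEF app's own configuration: it renders a Splunk event as a CEF:0 line, wraps it in an RFC 3164 syslog record, and ships it over TCP to the syslog daemon sitting in front of the Sentinel agent. The field-to-header mapping (`HEADER_KEYS`), the sample event, the collector hostname and the syslog facility are assumptions made for this example. The point a practitioner needs to get right is the escaping: pipes and backslashes in the header, equals signs and backslashes in the extension, and no raw newlines anywhere, otherwise one Splunk event can be parsed as two on the Sentinel side.

```python
"""Added example: turn Splunk search results into CEF-over-syslog records that
Sentinel's CEF collector can ingest. Field names and the Splunk->CEF mapping
are this example's own choices, not the Splunk CEF app's configuration."""
import socket
from datetime import datetime, timezone

# Fields that fill the six fixed CEF header positions; all other keys become
# key=value pairs in the extension (assumed mapping for this example).
HEADER_KEYS = ("vendor", "product", "version", "signature_id", "name", "severity")


def _escape_header(value):
    # Header fields: backslash and pipe are the only characters that need escaping.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value):
    # Extension values: backslash and '=' are special, and CR/LF must be written
    # as \r and \n so a multi-line field cannot split one event into two syslog lines.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event):
    """Build one CEF:0 line from a flat dict of Splunk fields."""
    missing = [k for k in HEADER_KEYS if k not in event]
    if missing:
        raise ValueError(f"missing CEF header fields: {missing}")
    header = "|".join(_escape_header(event[k]) for k in HEADER_KEYS)
    extension = " ".join(f"{k}={_escape_extension(v)}"
                         for k, v in event.items() if k not in HEADER_KEYS)
    return f"CEF:0|{header}|{extension}"


def to_syslog(cef_line, hostname, facility=4, severity=6, when=None):
    """Wrap a CEF line in an RFC 3164 syslog record: <PRI>TIMESTAMP HOST MSG."""
    pri = facility * 8 + severity
    ts = (when or datetime.now(timezone.utc)).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {hostname} {cef_line}"


def send_tcp(record, host, port=514):
    """Ship one record to the syslog daemon in front of the Sentinel agent (TCP, newline-framed)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall((record + "\n").encode("utf-8"))


# Constructed sample: a Splunk notable event whose fields contain every CEF
# special character, so the escaping above is exercised.
SAMPLE_EVENT = {
    "vendor": "Splunk", "product": "ES|Notable", "version": "1.0",
    "signature_id": "brute_force_login", "name": "Brute force login",
    "severity": 7,
    "src": "10.0.0.5", "dst": "10.0.0.20", "suser": "svc_backup",
    "msg": "50 failures in 2m; query=index=auth action=failure\nsee ticket",
}


def sample_record():
    """Render SAMPLE_EVENT with a fixed timestamp so the output is reproducible."""
    fixed = datetime(2020, 1, 26, 12, 0, 0, tzinfo=timezone.utc)
    return to_syslog(to_cef(SAMPLE_EVENT), "splunk-hf01", when=fixed)


if __name__ == "__main__":
    print(sample_record())
    # send_tcp(sample_record(), "sentinel-cef-collector.example")  # assumed collector hostname
```

Run it once to see the rendered line; the pipe inside `ES|Notable` comes out as `ES\|Notable`, the `=` signs in the search string become `\=`, and the embedded newline becomes a literal `\n`, so the record stays a single syslog line. Check the result on the Sentinel side in the CommonSecurityLog table before trusting the mapping in production.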
Ofer_Shezaf: I'm more interested in seeing it go the other way: how can I send the Sentinel alerts to Splunk?
- Ofer_Shezaf Feb 09, 2020
Microsoft
David Caddick: Either use the Graph Security API or a Logic App playbook. The former is more straightforward, but the latter allows more control. For example, you will be able to get the backing events with the alert.
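The Graph Security API route from the reply above (the Logic App playbook route is not shown), as an added example that is not part of the original thread or of any Microsoft or Splunk tooling: it polls `/security/alerts` for alerts created since a checkpoint, follows `@odata.nextLink` paging, de-duplicates by alert id because an overlapping poll window is deliberate, and posts the result to a Splunk HTTP Event Collector with the alert's own creation time as the event time. The bearer token is assumed to come from an app registration granted `SecurityEvents.Read.All`; the provider string `Azure Sentinel`, the HEC URL, the sourcetype and the sample alert are assumptions made for this example.

```python
"""Added example: poll Sentinel alerts through the Microsoft Graph Security API
and forward them to a Splunk HTTP Event Collector (HEC). The Graph bearer token
is assumed to come from an app registration with SecurityEvents.Read.All; the
provider string 'Azure Sentinel', the HEC URL and the sourcetype are assumptions."""
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

GRAPH_ALERTS = "https://graph.microsoft.com/v1.0/security/alerts"


def _parse_graph_time(value):
    """Graph emits up to seven fractional-second digits, which fromisoformat()
    rejects before Python 3.11, so parse the base and truncate the fraction."""
    base, _, frac = value.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)


def fetch_alerts(graph_token, since_iso, provider="Azure Sentinel"):
    """Return alerts created at or after since_iso, following @odata.nextLink
    paging; the provider filter is applied client-side."""
    query = urllib.parse.urlencode({"$filter": f"createdDateTime ge {since_iso}", "$top": 100})
    url = f"{GRAPH_ALERTS}?{query}"
    alerts = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {graph_token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        alerts.extend(a for a in page.get("value", [])
                      if a.get("vendorInformation", {}).get("provider") == provider)
        url = page.get("@odata.nextLink")
    return alerts


def select_new(alerts, seen_ids):
    """Drop alerts already forwarded. Polling with 'ge since' overlaps on purpose so a
    late-arriving alert is not missed; de-duplicating by id keeps Splunk free of repeats."""
    fresh = []
    for alert in alerts:
        if alert["id"] not in seen_ids:
            seen_ids.add(alert["id"])
            fresh.append(alert)
    return fresh


def graph_alert_to_hec(alert, index=None):
    """Map one Graph alert onto a HEC event; 'time' is the alert's creation time
    so Splunk indexes it at the real event time, not at forwarding time."""
    event = {
        "time": _parse_graph_time(alert["createdDateTime"]).timestamp(),
        "source": "graph-security-api",
        "sourcetype": "microsoft:graph:security:alert",
        "host": alert.get("vendorInformation", {}).get("provider", "unknown"),
        "event": alert,
    }
    if index:
        event["index"] = index
    return event


def send_to_hec(events, hec_url, hec_token):
    """POST a batch to HEC as concatenated JSON objects and return its JSON reply."""
    body = "\n".join(json.dumps(e) for e in events).encode("utf-8")
    req = urllib.request.Request(hec_url, data=body, method="POST", headers={
        "Authorization": f"Splunk {hec_token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


# Constructed sample alert; the shape follows the Graph Security API alert resource.
SAMPLE_ALERT = {
    "id": "example-alert-0001",
    "title": "Suspicious sign-in from unfamiliar location",
    "severity": "high",
    "status": "newAlert",
    "category": "InitialAccess",
    "createdDateTime": "2020-02-09T10:15:30.1234567Z",
    "vendorInformation": {"provider": "Azure Sentinel", "vendor": "Microsoft"},
}


def sample_events():
    """Run the offline part of the pipeline: a page that repeats the same alert is forwarded once."""
    seen = set()
    fresh = select_new([SAMPLE_ALERT, SAMPLE_ALERT], seen)
    return [graph_alert_to_hec(a, index="sentinel") for a in fresh]


if __name__ == "__main__":
    print(json.dumps(sample_events(), indent=2))
    # send_to_hec(sample_events(), "https://splunk.example:8088/services/collector/event", "<hec-token>")
```

Persist `seen_ids` and the `since_iso` checkpoint between runs (a small file or a Splunk KV store entry), and treat a non-2xx HEC reply as a reason to keep the checkpoint where it was; otherwise a transient HEC outage silently drops a poll window.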