Forum Discussion
Anurag65
Jan 22, 2020 (Copper Contributor)
Splunk logs on Azure Sentinel
Team, please confirm whether Splunk logs can be sent to Azure Sentinel. If yes, how, and where can we see the logs?
- Jan 26, 2020
Anurag65, CliveWatson: we do see customers who prefer to reuse their existing collection infrastructure and hence send logs from their current SIEM to Sentinel. Splunk specifically supports forwarding events in CEF using the Splunk CEF app. You can also forward directly from a forwarder using syslog.
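As an added example (not part of the original thread, and not the Splunk CEF app's own code): the shape of what that forwarding path produces. Sentinel's CEF connector expects a syslog frame whose message is a `CEF:0|...` line, received by a Linux collector running rsyslog/syslog-ng and the Log Analytics agent on port 514. The script below maps a Splunk search result to CEF, applying the CEF escaping rules that most home-grown forwarders get wrong (`|` and `\` in the header, `=`, `\` and line breaks in the extension), wraps it in an RFC 3164 header, and can ship it over UDP. The collector hostname, the Splunk field names (`src`, `dest`, `user`, `action`, `app`, `signature`) and the sample event are all assumptions constructed for this example.

```python
import socket
from datetime import datetime, timezone

# Hypothetical address of the Linux CEF collector (rsyslog/syslog-ng plus the
# Log Analytics agent) that Sentinel's CEF connector sets up; it listens on 514.
COLLECTOR_HOST = "cef-collector.example.internal"
COLLECTOR_PORT = 514


def _escape_header(value):
    # CEF header fields: backslash and pipe are the characters that need escaping.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value):
    # CEF extension values: backslash, '=' and line breaks must be escaped, or the
    # collector's parser splits the key=value pairs in the wrong place.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(vendor, product, version, signature_id, name, severity, extension):
    """Build one CEF:0 line. severity is 0..10; extension is a dict of key -> value."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0..10")
    header = "|".join(_escape_header(v) for v in
                      (vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def severity_from_action(action):
    # Rough mapping from a CIM-style 'action' field to a CEF severity (assumption).
    return {"blocked": 7, "failure": 5, "allowed": 2, "success": 2}.get(action, 3)


def splunk_event_to_cef(event):
    """Map a Splunk search result (field -> value) to CEF. The field names used here
    are the CIM-style names an authentication search commonly returns (assumption)."""
    extension = {
        "rt": int(float(event["_time"]) * 1000),  # CEF 'rt' is milliseconds since epoch
        "src": event.get("src", ""),
        "dst": event.get("dest", ""),
        "suser": event.get("user", ""),
        "act": event.get("action", ""),
        "app": event.get("app", ""),
        "msg": event.get("_raw", ""),
    }
    signature = event.get("signature", "event")
    return to_cef("Splunk", event.get("sourcetype", "unknown"), "1", signature, signature,
                  severity_from_action(event.get("action")), extension)


def syslog_frame(cef_line, hostname, when=None, facility=16, severity=6):
    """Wrap a CEF line in an RFC 3164 syslog header. Default PRI is local0.info -> <134>."""
    when = when or datetime.now(timezone.utc)
    pri = facility * 8 + severity
    # RFC 3164 pads a single-digit day with a space ("Feb  8"), not a zero.
    timestamp = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{pri}>{timestamp} {hostname} {cef_line}"


def send_udp(frame, host=COLLECTOR_HOST, port=COLLECTOR_PORT):
    """Ship one frame to the collector over UDP/514. Prefer TCP (with TLS terminated on
    the collector) in production; UDP drops silently under load."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(frame.encode("utf-8"), (host, port))


# Constructed sample: one failed-SSH-login result as a Splunk search might return it.
SAMPLE_EVENT = {
    "_time": "1579688100",  # 2020-01-22T10:15:00Z
    "_raw": "Jan 22 10:15:00 web01 sshd[4242]: Failed password for alice from 10.0.0.5 port 51122 ssh2",
    "sourcetype": "linux_secure",
    "signature": "Failed password",
    "src": "10.0.0.5",
    "dest": "10.0.0.9",
    "user": "alice",
    "action": "failure",
    "app": "sshd",
}


def build_sample_frame():
    """Render the constructed sample at a fixed time so the output is reproducible."""
    when = datetime(2020, 1, 22, 10, 15, 0, tzinfo=timezone.utc)
    return syslog_frame(splunk_event_to_cef(SAMPLE_EVENT), "splunk-hf01", when)


if __name__ == "__main__":
    print(build_sample_frame())  # call send_udp(build_sample_frame()) once the collector is up
```

On the Sentinel side the result lands in the CommonSecurityLog table (DeviceVendor "Splunk", DeviceProduct = the sourcetype), which is where to look for the forwarded events.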
David Caddick
Feb 08, 2020 (Iron Contributor)
Ofer_Shezaf I'm more interested in seeing it go the other way, how can I send the Sentinel Alerts to Splunk?
Ofer_Shezaf
Microsoft
Feb 09, 2020
David Caddick: Either use the Graph Security API or a Logic App playbook. The former is more straightforward, but the latter allows more control. For example, you will be able to get back the events with the alert.
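As an added example (not from the thread, and not Microsoft's or Splunk's own code): the Graph Security API route, i.e. polling `/security/alerts` for Sentinel alerts and pushing them into Splunk through the HTTP Event Collector. It follows `@odata.nextLink` pagination, keeps the alert's own `createdDateTime` as the Splunk event time (Graph emits seven fractional digits, which Python's parser rejects unless trimmed), and carries a watermark so the next poll can start where this one stopped. The provider filter value, the HEC URL and the two sample pages are assumptions constructed for this example; check the provider string against a plain GET on `/security/alerts` in your tenant.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"
# Assumption: Sentinel alerts are exposed under this provider name; verify in your tenant.
SENTINEL_PROVIDER = "Azure Sentinel"
# Hypothetical Splunk HTTP Event Collector endpoint.
HEC_URL = "https://splunk.example.internal:8088/services/collector/event"


def graph_fetcher(access_token):
    """Return a url -> parsed-JSON callable carrying a bearer token (SecurityEvents.Read.All)."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}",
                                                  "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def alerts_url(since_iso):
    flt = f"vendorInformation/provider eq '{SENTINEL_PROVIDER}' and createdDateTime ge {since_iso}"
    return f"{GRAPH_ALERTS_URL}?$top=100&$filter={urllib.parse.quote(flt)}"


def iter_alerts(fetch, since_iso):
    """Yield every alert since `since_iso`, following @odata.nextLink to the last page."""
    url = alerts_url(since_iso)
    while url:
        page = fetch(url)
        for alert in page.get("value", []):
            yield alert
        url = page.get("@odata.nextLink")


def parse_graph_time(value):
    """Graph emits up to 7 fractional digits ('...30.1234567Z'); trim to the 6 strptime accepts."""
    main, _, frac = value.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]
    return datetime.strptime(f"{main}.{frac}", "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)


def alert_to_hec(alert, index="sentinel", sourcetype="azure:sentinel:alert"):
    """Wrap one Graph alert in a Splunk HEC envelope, keeping the alert's creation time."""
    return {
        "time": parse_graph_time(alert["createdDateTime"]).timestamp(),
        "host": "graph.microsoft.com",
        "source": "graph-security-api",
        "sourcetype": sourcetype,
        "index": index,
        "event": alert,
    }


def sync(fetch, since_iso):
    """Pull alerts, convert them, and return (hec_payloads, new_watermark)."""
    payloads, watermark = [], since_iso
    for alert in iter_alerts(fetch, since_iso):
        payloads.append(alert_to_hec(alert))
        watermark = max(watermark, alert["createdDateTime"])  # ISO strings sort lexically
    return payloads, watermark


def post_to_hec(payloads, hec_token, hec_url=HEC_URL):
    """POST a batch to HEC; HEC accepts several JSON objects concatenated in one body."""
    body = "\n".join(json.dumps(p) for p in payloads).encode("utf-8")
    req = urllib.request.Request(hec_url, data=body, method="POST",
                                 headers={"Authorization": f"Splunk {hec_token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # {"text": "Success", "code": 0} on success


def _alert(aid, title, severity, created):
    return {"id": aid, "title": title, "severity": severity, "status": "newAlert",
            "createdDateTime": created,
            "vendorInformation": {"provider": SENTINEL_PROVIDER, "vendor": "Microsoft"}}


# Constructed sample: two pages as /security/alerts would return them, for offline use.
SAMPLE_PAGES = {
    alerts_url("2020-02-09T00:00:00Z"): {
        "value": [_alert("a1", "Suspicious sign-in", "high", "2020-02-09T08:15:30.1234567Z"),
                  _alert("a2", "Rare process", "medium", "2020-02-09T08:40:00Z")],
        "@odata.nextLink": GRAPH_ALERTS_URL + "?$skiptoken=page2",
    },
    GRAPH_ALERTS_URL + "?$skiptoken=page2": {
        "value": [_alert("a3", "Brute force", "low", "2020-02-09T09:00:00Z")],
    },
}


def offline_fetch(url):
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    batch, mark = sync(offline_fetch, "2020-02-09T00:00:00Z")
    print(len(batch), "alerts converted; next poll starts at", mark)
```

Because the filter uses `ge`, the alert at the watermark is returned again on the next poll; dedupe on `id` on the Splunk side (or advance the watermark by one millisecond) if that matters for your dashboards.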