Forum Discussion
ermanishdey
Nov 18, 2022 - Copper Contributor
Using default Analytics rules/workbooks for 3rd party log streaming solution
Hi, I've a requirement to read audit/security logs from a 3rd party streaming solution, e.g., Cribl, into MS Sentinel. As far as I know, if we don't use Sentinel data connectors, we cannot leverage th...
Clive_Watson
Nov 18, 2022 - Bronze Contributor
You will have to bring in Cribl yourself (using a Logic App, API, Logstash, or a custom connector...). That data will go into a Table of your choosing, e.g. CRIB_CL.
You can create your own Parser (not always needed), Rules and Workbooks for that data. You could also take an existing Rule (if the use case matches) or workbook and alter it to support this new Table.
Most connectors in Sentinel have specific Workbooks/Parsers and Rules.
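Added example, not part of the original reply and not Microsoft's or Cribl's own code: a KQL sketch of the parser-plus-adapted-rule approach described above. The column names in `CRIB_CL`, the `CribAuth` function name, the sample rows and the threshold are all assumptions made for illustration; the rule logic is a constructed failed-sign-in query, not a Sentinel template.

```kusto
// Constructed sample rows standing in for the custom table CRIB_CL.
// Column names (user_s, src_ip_s, action_s, result_s) are assumptions;
// use whatever your ingestion pipeline actually writes.
let CRIB_CL = datatable(TimeGenerated:datetime, user_s:string, src_ip_s:string,
                        action_s:string, result_s:string)
[
    datetime(2022-11-18 10:00:05), "Alice@example.com", "203.0.113.10", "login",  "failure",
    datetime(2022-11-18 10:00:40), "alice@example.com", "203.0.113.10", "login",  "failure",
    datetime(2022-11-18 10:01:15), "alice@example.com", "203.0.113.10", "login",  "failure",
    datetime(2022-11-18 10:02:30), "alice@example.com", "203.0.113.10", "login",  "failure",
    datetime(2022-11-18 10:03:55), "alice@example.com", "203.0.113.10", "login",  "failure",
    datetime(2022-11-18 10:04:10), "bob@example.com",   "198.51.100.7", "login",  "success",
    datetime(2022-11-18 10:05:00), "bob@example.com",   "198.51.100.7", "logout", "success"
];
// Parser (hypothetical name): filter to the relevant events and expose the
// custom columns under the names the copied rule query already expects.
let CribAuth = () {
    CRIB_CL
    | where action_s == "login"
    | project TimeGenerated,
              UserPrincipalName = tolower(user_s),   // normalise case before grouping
              IPAddress = src_ip_s,
              Succeeded = (result_s =~ "success")
};
// Rule logic: the only change from the copied query is the source,
// which is now the parser instead of a connector-specific table.
let threshold = 5;   // assumed value, tune to your environment
CribAuth()
| where not(Succeeded)
| summarize FailedCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by UserPrincipalName, IPAddress, bin(TimeGenerated, 10m)
| where FailedCount >= threshold
```

In a real workspace, drop the `datatable` stand-in and save the parser body as a workspace function, so that any copied rule or workbook only needs its table name replaced with the function name.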