Dear Sentinel community,
I'm wondering if anyone has already explored the possibilities of integrating Sentinel alerts with other SIEM solutions.
An example could be customers who want to leverage Sentinel for their Azure cloud environments but still need their on-premises SIEM solutions to receive logs from other log sources as well.
One option could be to stream Sentinel alerts to an Azure Event Hub and then use the Event Hub as a log source in the on-prem SIEM. Is this something supported on Sentinel?
Regards, Manuel
@Ofer_Shezaf: Is this something you can help with?
Hi @Manuel_DEste, great meeting you again!
Yes and no.
Forwarding alerts to an event hub is supported. You can use one of several ways:
Why no? Because what you really want to send are cases and not alerts. Cases are automatically aggregated and reduced alerts. We are working to make sure those can be sent to a SIEM as well.
Hi @Ofer_Shezaf, great meeting you again too! Thank you for your reply. I'll try the Security Graph API for now; I didn't know about this feature!