
Possible data sources

mustafak1
Occasional Contributor
Hey there,
The product is amazing, very promising with great features, looking forward to setting up an entire SIEM on it. Our company has zero on-prem solutions; it's a cloud-native organisation. It would be highly appreciated if you would consider pulling logs via a REST API method, which would help us to introduce integration with
Cloudflare
Salesforce
AWS Cloudtrail
AWS S3
Also, is there any plan or a way to pull Azure SQL logs? Does it work if I just enable Log Analytics streaming?
Many thanks in advance!
2 Replies
Same exact environment and interest!

What we actually have done is the following:

integrated Salesforce with the CloudApp security portal, which collects and correlates SF logs,

integrated CloudApp security with Sentinel, because SF has rate limiting and the CloudApp security integration takes care of that. This flow somehow solved the Salesforce part.

However, AWS is a different story: you have options for different SaaS logs to analyze, and you might need to connect it to Sentinel directly (VPC logs, KMS logs, etc.).
