Possible data sources

Hey there,
The product is amazing, very promising with great features, looking forward to setting up the entire SIEM on it. Our company has zero on-prem solutions, it's a cloud-native organisation. It would be highly appreciated if you would consider pulling logs via a REST API method, which would help us to introduce integration with
Cloudflare
Salesforce
AWS Cloudtrail
AWS S3
Also, any plan or a way to pull Azure SQL logs? Does it work if I just enable Log Analytics streaming?
Many thanks in advance!
2 Replies
Same exact environment and interest!
What we actually have done is the following:

integrated Salesforce with CloudApp security portal, that collects and correlates SF logs,

integrated CloudApp security with Sentinel. Coz SF has rate limiting, and CloudApp security integration takes care of that. This flow somehow solved the Salesforce part.

However, AWS is a different story, you have options for different SaaS logs to analyze, you might need to connect it to Sentinel directly (VPC logs, KMS logs, etc).