Defender ATP SIEM AlienVault


Has anyone integrated an AlienVault SIEM connection with Defender ATP and the Security Center?

With our last solution we had to export the data from Sophos and manually load it into the SIEM.
3 Replies
What kind of imports do you have in AlienVault?

Does it support a custom API?

Otherwise you could spin up Sentinel and tell Sentinel to redirect logs to your SIEM
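As an added example of the "custom API" route mentioned above (this is not code from the thread or from AlienVault/Microsoft): a small Python collector that pulls alerts from the Microsoft Defender for Endpoint alerts API (`https://api.securitycenter.microsoft.com/api/alerts`, token from the Azure AD client-credentials endpoint) and emits them as CEF lines over syslog, which is the generic format an AlienVault sensor can ingest. The CEF field mapping, the severity-to-number table, the syslog facility and the sample alert are assumptions constructed for the example; tenant, application ID and secret are placeholders you would supply from your own Azure AD app registration.

```python
"""Pull Defender ATP alerts from the Defender for Endpoint API and forward them
to a SIEM as CEF-over-syslog. Added example, not code from the thread; the API
URLs are the documented Defender for Endpoint ones, everything else (CEF field
mapping, severity table, syslog target, sample alert) is an assumption."""
import json
import socket
import urllib.parse
import urllib.request
from datetime import datetime, timezone

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
ALERTS_URL = "https://api.securitycenter.microsoft.com/api/alerts"
RESOURCE = "https://api.securitycenter.microsoft.com"

# Assumed mapping of Defender's text severities onto the CEF 0-10 scale.
SEVERITY = {"Informational": 1, "Low": 3, "Medium": 6, "High": 9}

# Constructed sample in the shape of a Defender for Endpoint alert (not real data).
SAMPLE_ALERT = {
    "id": "da637200417169529750_183736971",
    "title": "Suspicious PowerShell command line",
    "description": "A PowerShell process ran an encoded command line.\nReview the parent process.",
    "severity": "High",
    "status": "New",
    "category": "Execution",
    "alertCreationTime": "2020-03-10T12:34:56.1234567Z",
    "machineId": "3c5ea79b5a4d2d4c1b8e4b0a2e1c6f9d8a7b6c5d",
    "computerDnsName": "ws01.corp.example",
}


def get_token(tenant, client_id, client_secret):
    """Client-credentials grant for the Defender for Endpoint API resource."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": RESOURCE,
    }).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=body)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def fetch_alerts(token, since):
    """Fetch alerts created after `since` (UTC) using an OData filter."""
    flt = "alertCreationTime gt %s" % since.strftime("%Y-%m-%dT%H:%M:%SZ")
    url = ALERTS_URL + "?" + urllib.parse.urlencode({"$filter": flt})
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["value"]


def iso_to_epoch_ms(ts):
    """Convert the API's ISO-8601 UTC timestamp (up to 7 fractional digits) to epoch ms."""
    base = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    frac = ts[19:].rstrip("Z").lstrip(".")
    ms = int((frac + "000")[:3]) if frac else 0
    return int(base.timestamp()) * 1000 + ms


def cef_escape(value, header=False):
    """CEF escaping: header fields escape | and \\, extension values escape = and \\.
    Newlines are flattened so one alert stays one syslog message."""
    s = str(value).replace("\\", "\\\\")
    if header:
        return s.replace("|", "\\|")
    return s.replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def alert_to_cef(alert):
    """Render one alert as a CEF:0 line (field mapping is an assumption)."""
    sev = SEVERITY.get(alert.get("severity"), 5)
    header = "|".join(["CEF:0", "Microsoft", "Defender ATP", "1.0",
                       cef_escape(alert.get("category", "Unknown"), header=True),
                       cef_escape(alert.get("title", ""), header=True), str(sev)])
    ext = [
        ("externalId", alert.get("id", "")),
        ("rt", iso_to_epoch_ms(alert["alertCreationTime"])),
        ("dhost", alert.get("computerDnsName", "")),
        ("cs1Label", "machineId"), ("cs1", alert.get("machineId", "")),
        ("cs2Label", "status"), ("cs2", alert.get("status", "")),
        ("msg", alert.get("description", "")),
    ]
    return header + "|" + " ".join("%s=%s" % (k, cef_escape(v)) for k, v in ext)


def send_syslog(lines, host, port=514):
    """Ship CEF lines as UDP syslog, facility local0 / severity info (PRI 134)."""
    stamp = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(("<134>%s %s %s" % (stamp, socket.gethostname(), line)).encode(), (host, port))


if __name__ == "__main__":
    # Offline demo on the constructed alert; wire get_token/fetch_alerts in for a live run.
    print(alert_to_cef(SAMPLE_ALERT))
```

Run it on a schedule (one OData window per run, keyed off the last `alertCreationTime` you saw) and point `send_syslog` at the AlienVault sensor; the escaping matters because Defender alert descriptions routinely contain `=` and newlines, which otherwise break CEF parsing on the SIEM side.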

@Thijs Lecomte

OK, thanks for that input. Are you referring to Azure Sentinel and having it parse the logs into the SIEM? Would you happen to have any info on this process, as this is a major part of our PCI requirements? With our old system (Sophos Cloud) we manually exported the logs and they were imported into the Vault device.