Data Base Integration with Sentinel

Hi All,

I am quite new to the Sentinel platform but not new to SIEM.

How can I integrate database (any, like Oracle, MsSql, etc.) audit logs, or application logs that are in a different table than the audit table, with Sentinel, whether the database is on-prem, in Azure, or in another cloud?

I do not see official data connectors for databases like those in Splunk, ArcSight, etc.

1 Reply
Sentinel utilizes its own data and data structure (Log Analytics), which is more efficient and better performing than legacy database types. You can ingest data from various sources into Sentinel to enable it to analyze and alert on security indicators. See the following, which includes ingesting custom data types:

https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources?tabs=azure-portal

You can migrate Splunk and ArcSight to Sentinel.

See the following for Splunk: https://learn.microsoft.com/en-us/azure/sentinel/migration-splunk-detection-rules

See the following for ArcSight: https://learn.microsoft.com/en-us/azure/sentinel/migration-arcsight-detection-rules