Apr 27 2020 01:11 AM
Hi All,
Hope you are well. Just wanted to know if anyone has integrated Quest Change Auditor with Sentinel please? If yes, what was the method used?
Regards,
Maxou
Apr 27 2020 05:02 AM
@Maxou I worked with a customer recently to get Edgewise configured for ingestion with Sentinel and Change Auditor seems very similar in function.
Does Change Auditor have the ability to export data? If so, you can use the Log Analytics agent to deliver the data to a custom table in the Azure Sentinel Log Analytics Workspace.
Ask Quest if this is possible, or if they have instructions for integrating their product with other SIEMs.
Apr 27 2020 06:35 AM
Apr 27 2020 06:39 AM
@Maxou Definitely let me know what comes of it. Very interested.
The methods Quest uses for the other SIEMs would be very similar to how we do it. We still have customers that run other SIEMs side-by-side with Sentinel - either long term, or as a migration path.
We can even import CSV and JSON data files, btw.
Apr 29 2020 02:31 AM
@Rod_Trent Okay then. Will see if they come back to me. Thanks again.