Nov 18 2022 07:01 AM
Hi,
I have a requirement to read audit/security logs from a 3rd-party streaming solution, e.g., Cribl, into MS Sentinel. As far as I know, if we don't use Sentinel data connectors, we cannot leverage the MS built-in analytics rules for that product (like AWS, Active Directory, any SaaS solution, etc.). Since here I'll have to ingest all logs from Cribl into my Sentinel workspace, I cannot use individual data connectors for each component. How do I make use of the built-in analytics rules/workbooks in such a case? Is there a way, like custom parsing/tables etc., which can help?
Nov 18 2022 09:19 AM