Is there such a thing as too much security? Not in our book. That’s why we offer a public REST API to our customers as part of their Admin By Request license: it lets you pull data into your own SIEM system for further analysis.
The latest SIEM we’ve built an integration for is Microsoft Sentinel – Microsoft’s “scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution”.
What the Integration Offers
With this integration, we’ve set up a hassle-free way to send Auditlog data from your User Portal to Microsoft Sentinel using Azure Logic Apps. It’s quick, painless, and ensures you get the best of both worlds: comprehensive Auditlog data combined with Sentinel’s intelligent security analysis and threat detection capabilities.
How it Works
Microsoft Sentinel offers various ways to consume data from different sources. For this integration, we leverage the power of Azure Logic Apps to consume the Admin By Request Auditlog API and forward each new entry to an Azure Log Analytics Workspace for further Sentinel consumption.
The Azure Logic App needs only a few simple steps before you are up and running with Auditlog data in your Sentinel setup:
- Set up the workspace
- Create an Azure Logic App
- Plug in the code
- Enter parameters
- Add some actions
- Run the app
You can then point your Sentinel setup to use the configured workspace as a data source.
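To make the data flow concrete, here is an added example in Python (not Admin By Request’s integration code, nor Microsoft’s) that does in plain code what the Logic App does: pull Auditlog entries, keep only the ones newer than a stored watermark, and post them to a Log Analytics workspace using the HTTP Data Collector API’s SharedKey signature scheme. The Log Analytics URL and signing algorithm are Microsoft’s documented ones; the Auditlog endpoint, its API-key header name, and the sample entries are placeholders and constructed data, so check them against the actual API documentation before use.

```python
"""Forward new Auditlog entries to an Azure Log Analytics workspace.

Added example, not the vendor's or Microsoft's code. Mirrors the Logic App
flow: fetch Auditlog entries, forward only those not yet sent, and POST them
with the Log Analytics HTTP Data Collector API SharedKey signature.
"""
import base64
import hashlib
import hmac
import json
import urllib.request
from datetime import datetime, timezone
from email.utils import format_datetime

# Placeholder Auditlog endpoint and API-key header name: assumed, not the
# real API contract.
AUDITLOG_URL = "https://<auditlog-api-host>/auditlog"
AUDITLOG_KEY_HEADER = "apikey"

# Custom log type; Log Analytics stores it in a table named <LOG_TYPE>_CL.
LOG_TYPE = "AdminByRequestAuditlog"

# Constructed sample data standing in for a real workspace and API response.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_SHARED_KEY = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="  # base64 of 32 zero bytes
SAMPLE_ENTRIES = [
    {"id": 1, "user": "alice", "application": "setup.exe", "status": "Approved"},
    {"id": 2, "user": "bob", "application": "installer.msi", "status": "Denied"},
    {"id": 4, "user": "carol", "application": "tool.exe", "status": "Approved"},
    {"id": 3, "user": "dave", "application": "update.exe", "status": "Pending"},
]


def build_signature(workspace_id: str, shared_key: str, date_rfc1123: str,
                    body: bytes) -> str:
    """SharedKey Authorization header value for the Data Collector API.

    String to sign: method, content length, content type, x-ms-date header
    and resource path, one per line; HMAC-SHA256 keyed with the
    base64-decoded workspace shared key.
    """
    string_to_sign = (
        f"POST\n{len(body)}\napplication/json\n"
        f"x-ms-date:{date_rfc1123}\n/api/logs"
    )
    key = base64.b64decode(shared_key)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def http_post(url: str, headers: dict, body: bytes) -> int:
    """Real transport: POST the body and return the HTTP status code."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


def fetch_auditlog(api_key: str) -> list:
    """GET the Auditlog (placeholder endpoint) and return the parsed entries."""
    req = urllib.request.Request(AUDITLOG_URL, headers={AUDITLOG_KEY_HEADER: api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def forward_new_entries(entries: list, last_seen_id: int, workspace_id: str,
                        shared_key: str, post=http_post,
                        date_rfc1123: str = None) -> tuple:
    """Send entries with id > last_seen_id to Log Analytics.

    Returns (new_last_seen_id, sent_count). Entries are sorted by id and the
    watermark only advances on a 2xx response, so a failed batch is retried
    on the next run instead of being silently dropped.
    """
    new = sorted((e for e in entries if e["id"] > last_seen_id), key=lambda e: e["id"])
    if not new:
        return last_seen_id, 0
    body = json.dumps(new).encode("utf-8")
    date = date_rfc1123 or format_datetime(datetime.now(timezone.utc), usegmt=True)
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, date, body),
        "Log-Type": LOG_TYPE,
        "x-ms-date": date,
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           "/api/logs?api-version=2016-04-01")
    status = post(url, headers, body)
    if not 200 <= status < 300:
        raise RuntimeError(f"Log Analytics rejected the batch: HTTP {status}")
    return new[-1]["id"], len(new)


if __name__ == "__main__":
    # Offline dry run over the constructed sample: prints the request instead
    # of sending it. Replace `dry_run` with `http_post` for a real workspace.
    def dry_run(url, headers, body):
        print(url, headers["Authorization"][:40] + "...", body.decode())
        return 200

    watermark, sent = forward_new_entries(SAMPLE_ENTRIES, 2, SAMPLE_WORKSPACE_ID,
                                          SAMPLE_SHARED_KEY, post=dry_run)
    print(f"forwarded {sent} entries, watermark now {watermark}")
```

Persist the returned watermark (a file, a key vault secret or a Logic App variable) between runs; that is what makes the forwarder idempotent when the API returns overlapping pages, and it is the same idea the Logic App relies on when it forwards only each new entry.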
Download the manual below for a step-by-step how-to guide.
If you’ve identified a bug or have a suggestion for this integration, or there is another SIEM integration you’d like us to add, contact us and we’ll see what we can do.