
Saviynt - Microsoft Sentinel Integration

vardhan_Reddy
New Contributor II

Hi,

We are integrating our new Saviynt Dev instance with Microsoft Sentinel for storing audit logs. Could you please help us in understanding the following application settings that need to be specified in the .py code?

customer_id
shared_key
log_type
TimeStampField
logAnalyticsUri
timeFrame

Also, please let us know if the query that is mentioned in the Microsoft Sentinel guide can be customized in order to get audit logs on endpoints and security systems as well when these objects are updated?

select ua.TYPEOFACCESS as 'Object Type', ua.ActionType as 'Action Taken',
       u.username as 'Accessed By', ua.IPADDRESS as 'IP Address',
       ua.ACCESSTIME as 'Event Time', ua.DETAIL as 'Message'
from users u, userlogin_access ua, userlogins l
where l.loginkey = ua.LOGINKEY
  and l.USERKEY = u.userkey
  and ua.AccessTime >= (NOW() - INTERVAL ${timeFrame} Minute)
  and ua.Detail is not NULL

1 REPLY

rushikeshvartak
All-Star

Query can be updated as per need


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
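
How the six settings named in the question are typically consumed, as an added example that is not part of the original thread and is not Saviynt's or Microsoft's connector code. It assumes the .py code posts to the Azure Monitor HTTP Data Collector API and substitutes timeFrame into the query itself; SAMPLE_SETTINGS, build_request and render_query are hypothetical names, and all values are constructed.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

RESOURCE = "/api/logs"

# Constructed sample values; real ones come from the Log Analytics workspace.
SAMPLE_SETTINGS = {
    "customer_id": "00000000-0000-0000-0000-000000000000",  # workspace ID
    "shared_key": base64.b64encode(b"constructed-key").decode(),  # workspace key (secret)
    "log_type": "SaviyntAudit",     # custom table name; stored as SaviyntAudit_CL
    "TimeStampField": "EventTime",  # record field used as TimeGenerated
    "logAnalyticsUri": "",          # blank -> default public-cloud endpoint
    "timeFrame": "15",              # look-back window in minutes for the query
}


def build_signature(customer_id, shared_key, date, content_length):
    """Authorization value: HMAC-SHA256 of the canonical request, keyed with shared_key."""
    to_sign = f"POST\n{content_length}\napplication/json\nx-ms-date:{date}\n{RESOURCE}"
    mac = hmac.new(base64.b64decode(shared_key), to_sign.encode("utf-8"), hashlib.sha256)
    return f"SharedKey {customer_id}:{base64.b64encode(mac.digest()).decode()}"


def build_request(settings, body, date=None):
    """Return (url, headers) for POSTing JSON bytes `body` to the workspace."""
    date = date or formatdate(usegmt=True)  # RFC 1123 date, must match x-ms-date
    uri = settings["logAnalyticsUri"] or (
        f"https://{settings['customer_id']}.ods.opinsights.azure.com")
    if not uri.startswith("https://"):
        raise ValueError("logAnalyticsUri must be https; the request is signed with shared_key")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(
            settings["customer_id"], settings["shared_key"], date, len(body)),
        "Log-Type": settings["log_type"],
        "x-ms-date": date,
        "time-generated-field": settings["TimeStampField"],
    }
    return uri.rstrip("/") + RESOURCE + "?api-version=2016-04-01", headers


def render_query(template, time_frame):
    """Substitute ${timeFrame}, accepting only a positive whole number of minutes."""
    minutes = int(time_frame)  # ValueError on anything that is not an integer
    if minutes <= 0:
        raise ValueError("timeFrame must be positive")
    return template.replace("${timeFrame}", str(minutes))
```

shared_key is a workspace secret, so keep it in the function's application settings or a vault reference rather than in the .py source.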