01/08/2024 02:09 AM
Hi All,
As per the Saviynt documentation on Azure Sentinel integration, it was mentioned that datacollectionAPI will be used for getting the logs from any client via REST API.
datacollectionAPI is deprecated by Microsoft and they are recommending to use the logs ingestion API.
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview
So our question is, do we need to make any changes in the Azure Sentinel-Saviynt Integration configurations (like Python script changes, additional settings enablement or disablement) considering the API deprecation on the Microsoft side, and if the SIEM team needs to proceed with the logs ingestion API instead of datacollectionAPI?
Can anyone please help us with the details?
Thanks and Regards,
Sudhin Sudhakar
01/10/2024 03:46 AM
Hi @ssudhakar,
We are checking on your request and we will keep you posted.
01/16/2024 12:24 AM - edited 01/16/2024 12:25 AM
Hi @ssudhakar,
I would like to inform you that the Saviynt SIEM Integration for Azure Sentinel is a community-developed solution. As part of our commitment to fostering collaboration and continuous improvement, the source code for this integration is made available to the community.
We encourage you to explore the possibilities of enhancing and improving the integration by adapting the sample script to utilize the latest APIs. The source code, along with detailed documentation, can be accessed through the following link: [Saviynt SEIM Integration Guide](https://docs-be.saviyntcloud.com/bundle/EIC-Connectors/page/Content/Resources/Attachments/SentinelIn...).
Your contributions and insights are valuable in advancing the functionality and robustness of this integration. Once you have validated any enhancements or improvements, we kindly request that you share your solutions with the forum community. This collaborative effort will not only benefit individual users but will also contribute to the overall success of the integration.
Thank you for your ongoing support and dedication to the Saviynt community.