
Saviynt SEIM Integration - Azure Sentinel - Datacollection API Deprecation

ssudhakar
New Contributor III

Hi All,

As per the Saviynt documentation on Azure Sentinel integration, it was mentioned that datacollectionAPI will be used for getting the logs from any client via REST API.

https://docs-be.saviyntcloud.com/bundle/EIC-Connectors/page/Content/Resources/Attachments/SentinelIn...


datacollectionAPI is deprecated by Microsoft and they are recommending to use the Logs Ingestion API.

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview


So our question is: do we need to make any changes in the Azure Sentinel-Saviynt integration configurations (like Python script changes, additional settings enablement or disablement), considering the API deprecation on the Microsoft side, and if the SIEM team needs to proceed with the Logs Ingestion API instead of datacollectionAPI?

Can anyone please help us with the details?

Thanks and Regards,
Sudhin Sudhakar


2 REPLIES

DixshantValecha
Saviynt Employee

Hi @ssudhakar,

We are checking on your request and we will keep you posted.

DixshantValecha
Saviynt Employee

Hi @ssudhakar,

I would like to inform you that the Saviynt SEIM Integration for Azure Sentinel is a community-developed solution. As part of our commitment to fostering collaboration and continuous improvement, the source code for this integration is made available to the community.

We encourage you to explore the possibilities of enhancing and improving the integration by adapting the sample script to utilize the latest APIs. The source code, along with detailed documentation, can be accessed through the following link: [Saviynt SEIM Integration Guide](https://docs-be.saviyntcloud.com/bundle/EIC-Connectors/page/Content/Resources/Attachments/SentinelIn...).

Your contributions and insights are valuable in advancing the functionality and robustness of this integration. Once you have validated any enhancements or improvements, we kindly request that you share your solutions with the forum community. This collaborative effort will not only benefit individual users but will also contribute to the overall success of the integration.

Thank you for your ongoing support and dedication to the Saviynt community.
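
For readers adapting the sample script as suggested in the reply above, this added example (not Saviynt's script and not part of the original thread) builds, without sending anything, the request for the deprecated Data Collector API next to the request for the Logs Ingestion API, to show what changes in authentication and addressing. The function names, the `Custom-SaviyntAudit_CL` stream, the endpoint URL, the DCR ID and the sample records are constructed placeholders.

```python
import base64, hashlib, hmac, json
from email.utils import formatdate

def legacy_request(workspace_id, shared_key_b64, log_type, records, date=None):
    """Deprecated Data Collector API: request signed with the workspace shared key."""
    body = json.dumps(records).encode()
    date = date or formatdate(usegmt=True)  # RFC 1123 date sent as x-ms-date
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    mac = hmac.new(base64.b64decode(shared_key_b64), to_sign.encode(), hashlib.sha256)
    return {
        "url": f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        "headers": {"Authorization": f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode()}",
                    "Content-Type": "application/json", "Log-Type": log_type, "x-ms-date": date},
        "body": body}

def ingestion_requests(dce_url, dcr_immutable_id, stream, bearer_token, records,
                       max_body=1_000_000):  # conservative reading of the 1 MB per-call limit
    """Logs Ingestion API: no shared key. The caller passes a Microsoft Entra ID token
    (client credentials, scope https://monitor.azure.com//.default, acquired elsewhere);
    the data collection endpoint, DCR immutable ID and stream name go in the URL."""
    url = (f"{dce_url.rstrip('/')}/dataCollectionRules/{dcr_immutable_id}"
           f"/streams/{stream}?api-version=2023-01-01")
    headers = {"Authorization": f"Bearer {bearer_token}", "Content-Type": "application/json"}
    wrap = lambda items: {"url": url, "headers": headers, "body": b"[" + b",".join(items) + b"]"}
    out, batch, size = [], [], 2  # 2 bytes for the enclosing [ ]
    for rec in records:
        item = json.dumps(rec, separators=(",", ":")).encode()
        if len(item) + 2 > max_body:
            raise ValueError("single record exceeds the per-call size limit")
        if batch and size + len(item) + 1 > max_body:
            out.append(wrap(batch))  # flush before this record would overflow the call
            batch, size = [], 2
        batch.append(item)
        size += len(item) + 1  # +1 for the separating comma
    if batch:
        out.append(wrap(batch))
    return out

if __name__ == "__main__":
    # Constructed sample records and placeholder identifiers, for illustration only.
    records = [{"TimeGenerated": "2024-01-08T09:00:00Z", "User": f"u{i}", "Action": "login"}
               for i in range(3)]
    for r in ingestion_requests("https://example-dce.eastus-1.ingest.monitor.azure.com",
                                "dcr-00000000000000000000000000000000",
                                "Custom-SaviyntAudit_CL", "<token>", records):
        print(r["url"], len(r["body"]))
```

For the second form to be accepted, the application behind the token needs the Monitoring Metrics Publisher role on the data collection rule, which replaces the workspace-wide shared key with a credential scoped to that one rule.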