SIEM integrations: Sentinel, Splunk and Datadog (quick overview)

JuergenKlaassen
Rising Star III

Hi

Just to share my recent discoveries for Sentinel and Splunk as well as mentioning Datadog - as I find it noticeable in terms of integrations efforts and pricing.

Azure Sentinel

A publicly available Data Connector can be found on GitHub here. It's just updated to support Azure Functions v4 (as v3 gets deprecated tomorrow).
It's fairly easy to integrate. An important note here: get your Sentinel configured first and find your <Workspace ID> and the <Workspace Key> under Workspace Settings (you don't need to install any agents).

Screenshot 2022-12-02 at 15.15.37.png

Post deployment you have all your required resources together.

Screenshot 2022-12-02 at 14.46.45.png

Post integration the Directory Insights logs will be stored in a dedicated table named 'JumpCloud_CL' and the data can be used in Hunting, Workbooks, Incidents etc.
Screenshot 2022-12-02 at 14.45.24.png

Splunk

I haven't tried it out, but since 4th October there is a "JumpCloud Directory Insights" add-on available, published by Maciej Duda.

Screenshot 2022-12-02 at 15.33.55.png

Datadog

This integration exists since a couple of months and was announced here.

Screenshot 2022-12-02 at 15.40.26.png


jreece22
Novitiate I

I created the Sentinel integration and then deleted it. I later created the Sentinel integration again, but now the Table will not get created. Any idea why the table doesn't get created now? Or how I can create the table?

Hi @jreece22 was there a significant time gap between creating/deleting and then creating it again? Trying to figure out if there might have been any product updates on Sentinel or in JumpCloud in that time.