This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
" class="nav-category">Career
This widget could not be displayed.
  • IT Topics
    • This widget could not be displayed.
  • Repo
    • This widget could not be displayed.
  • This widget could not be displayed.
    • ">MSPs
    This widget could not be displayed.
  • Community News
    • cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Search instead for 
    Did you mean: 

    SIEM integrations: Sentinel, Splunk and Datadog (quick overview)

    JuergenKlaassen
    Rising Star III
    Rising Star III

    ‎12-02-2022 02:41 AM - edited ‎12-02-2022 02:43 AM

    Hi

    Just to share my recent discoveries for Sentinel and Splunk as well as mentioning Datadog - as I find it noticeable in terms of integrations efforts and pricing.

    Azure Sentinel

    A publicly available Data Connector can be found on GitHub here. It's just updated to support Azure Functions v4 (as v3 gets deprecated tomorrow).
    It's fairly easy to integrate. An important note here: get your Sentinel configured first and find your <Workspace ID> and the <Workspace Key> under Workspace Settings (you don't need to install any agents).

    Screenshot 2022-12-02 at 15.15.37.png

    Post deployment you have all your required resources together.

    Screenshot 2022-12-02 at 14.46.45.png

    Post integration the Directory Insights logs will be stored in a dedicated table named 'JumpCloud_CL' and the data can be used in Hunting, Workbooks, Incidents etc.
    Screenshot 2022-12-02 at 14.45.24.png

    Splunk

    I haven' tried it out, but since 4th October there is a "JumpCloud Directory Insights' add-on available published by Maciej Duda.

    Screenshot 2022-12-02 at 15.33.55.png

    Datadog
    This integration exists since a couple of months and was announced here.
    Screenshot 2022-12-02 at 15.40.26.png

    2 REPLIES 2

    jreece22
    Novitiate I

    ‎11-07-2023 10:43 AM

    I created the Sentinel integration and then deleted it.  I later created the Sentinel integration again, but now the Table will not get created.  Any idea why the table doesn't get created now?  Or how I can create the table?

    0 Kudos

    urvashi
    Bronze I
    Bronze I
    In response to jreece22

    ‎11-10-2023 08:38 AM

    Hi @jreece22 was there a significant time gap between creating/deleting and then creating it again? Trying to figure out if there might have been any product updates on Sentinel or in JumpCloud in that time. 

    0 Kudos
    You Might Like

    New to the site? Take a look at these additional resources:

    Community created scripts

    Keep up with Product News

    Read our community guidelines

    Ready to join us? You can register here.