Important Update: Archer Community Scheduled Maintenance on November 23–24 - New Community Launching Soon! Learn More..

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Archer integration with Microsoft Sentinel (SIEM)

mykgang1
Contributor III

‎2024-09-17 08:47 AM

Hi All,

Our client wants to integration Microsoft Sentinel SIEM solution with Archer. Please let me know if this is possible and how?

Thanks

 

0 Kudos
6 REPLIES 6

DavidPetty
Archer Employee
Archer Employee

‎2024-09-17 09:30 AM

@mykgang1 it depends on how you can get the data out of Microsoft Sentinel SIEM.  What data export options does it have; APIs, database, file export, etc.?  Depending on the how, you can use a data feed to ingest the data.

 Advisory Consultant

mykgang1
Contributor III
In response to DavidPetty

‎2024-09-18 05:50 AM

Thanks @DavidPetty . Also, is there any way to export or push Archer (SaaS) logs to Microsoft Sentinel (SIEM)?

0 Kudos

DavidPetty
Archer Employee
Archer Employee
In response to mykgang1

‎2024-09-18 09:35 AM

Anytime : D

Unfortunately, no.

 Advisory Consultant

0 Kudos

mykgang1
Contributor III
In response to DavidPetty

‎2024-09-18 10:22 AM

@DavidPetty then I think there is only on way to do this by leveraging Archer API. Is my understanding correct?

0 Kudos

DavidPetty
Archer Employee
Archer Employee
In response to mykgang1

‎2024-09-18 11:30 AM

Without knowing the whole use case, it hard to tell.

If it's Archer to SIEM it would probably be a JS transport data feed.

If it's SIEM to Archer, yes it would be leveraging Archer's APIs.

Alternatively, you could have middleware that talks between the two.

 Advisory Consultant