KashifKloudy
Jan 25, 2024 Copper Contributor
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft Purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find ...
KashifKloudy
Feb 08, 2024 Copper Contributor
Singh123999, thanks for the input.
I explored this option, Office 365 Management Activity API schema | Microsoft Learn; however, we can also use Defender log ingestion to Splunk using Defender https://apps.splunk.com/app/4959/ since DLP feeds alerts and incidents to the Defender security portal as well. Apart from this, we can also utilize the Graph security API to ingest feeds to Splunk (https://learn.microsoft.com/en-us/answers/questions/1139341/graph-api-security-get-related-activities-for-a-dl). However, I am not sure which option will be feasible in this case. If you have any inputs on this
Brad Hayes
Jun 02, 2024 Brass Contributor
Hi KashifKloudy,
I wondered how this was progressing; I am interested in the exact same as you: "push MIP DLP related alerts, incidents and data to Splunk SIEM". I wondered how this has progressed since you last posted. Could you share what you did, and what has been successful, please?
Thanks
Brad
- JeffreyWalzer
Jun 24, 2024 Copper Contributor
Would love to know any update on this as well
Thx