Forum Discussion
Sand_Sentinel87
Dec 20, 2024
Copper Contributor
How to integrate Beyond Trust Logs With Sentinel
Hi All, How to integrate Beyond Trust Logs With Sentinel, do we have a data connector? As checked, there is no data connector for this. Please let me know and also what are the logging level req...
Laurie_Rhodes
Feb 25, 2025
Brass Contributor
BeyondTrust is a company with multiple products.
I've recently had to write Function Apps to pull their event logs from Privileged Remote Access and it was really tough going... dependent on the product logs you want from PRA. Session Recordings could only be retrieved in XML and the Syslog API doesn't have time filtering capability, so you get a single zip with a couple of months of event records every time the API is polled. What was particularly frustrating was that the timestamp in API-pulled syslog doesn't contain the year of the event... all requiring custom coding and filtering to translate.
PRA does have other options with syslog appliances etc. (none were suitable for the environment I'm working in). It is a challenge to get a Function App working properly - but if you are a confident scripter it's achievable with the Reporting API https://docs.beyondtrust.com/pra/docs/reporting.
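The two problems described in the reply above (syslog timestamps with no year, and every poll returning months of already-seen events) can be handled with year inference plus a stored checkpoint. The following is an added example, not code from the reply's author or from BeyondTrust; the RFC 3164-style line layout, the host name and the function names are assumptions, and timestamps are treated as naive values in a single time zone.

```python
import re
from datetime import datetime, timedelta

# Assumed RFC 3164-style prefix "Mon DD HH:MM:SS "; the real PRA layout may differ.
_TS = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s")
_MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample lines (not real PRA output), spanning a New Year boundary.
SAMPLE = [
    "Dec 30 23:58:10 pra-appliance sample: event=login_success",
    "Jan  2 08:14:55 pra-appliance sample: event=session_start",
    "Jan  2 08:40:01 pra-appliance sample: event=session_end",
    "not a syslog line",
]

def infer_timestamp(line, polled_at, skew=timedelta(days=1)):
    """Return a full datetime for a year-less syslog line, or None if unparseable."""
    m = _TS.match(line)
    if not m or m["mon"] not in _MONTHS:
        return None
    parts = (_MONTHS[m["mon"]], int(m["day"]), int(m["h"]), int(m["m"]), int(m["s"]))
    # Try the poll year first, then the previous one. An event cannot be newer
    # than the poll itself (plus clock skew), so a date that lands in the
    # future must have been logged before the last New Year.
    for year in (polled_at.year, polled_at.year - 1):
        try:
            ts = datetime(year, *parts)
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if ts <= polled_at + skew:
            return ts
    return None

def new_events(lines, polled_at, checkpoint):
    """Drop events at or before the checkpoint; return (events, new_checkpoint)."""
    fresh = []
    for line in lines:
        ts = infer_timestamp(line, polled_at)
        if ts is not None and ts > checkpoint:
            fresh.append((ts, line))
    fresh.sort(key=lambda e: e[0])
    return fresh, (fresh[-1][0] if fresh else checkpoint)
```

Persist the returned checkpoint between runs. Because the comparison is strict and the resolution is one second, events sharing the checkpoint's second are skipped; switch to `>=` with de-duplication on the full line if that matters.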