Using Oracle Cloud Infrastructure with Microsoft Sentinel

Question

I am currently using the trial version of Microsoft Sentinel. I have created in OCI the necessary structure to collect logs from several Microsoft VMs I have in the Oracle Cloud, and would like to send these to Microsoft Sentinel. When I go into Content Hub in Microsoft Sentinel, I notice there is no connector for Oracle Cloud Infrastructure, even though this appears in a video I have seen on the subject. Is there any way to get this in the trial version, or is the connector only available in the paid for version of Sentinel? Also, is there any documentation for setting up a connection between Sentinel and OCI for the purpose of collecting logs?

Thanks

Stephen Keating

Answer 1

@Stephen Keating Thank you for reaching out to us, As I understand you are looking for documentation to setup OCI (Oracle Cloud Infrastructure) with Microsoft Sentinel.

You can refer to these links, detailed steps have been provided here -

https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/oracle-cloud-infrastructure-using-azure-functions

https://docs.oracle.com/en/learn/oci-logs-ms-azure-sentinel/index.html#introduction

Not sure why you are not able to see OCI under Content hub, just like below, Billing is based on the volume of data analyzed in Microsoft Sentinel and stored in the Log Analytics workspace.

Let me know if the above links help you in configuring the OCI with Sentinel, if not we can connect offline to discuss further on the same.

Answer 2

Is there a data connector to ingest cloud events ( https://github.com/cloudevents/spec) data into sentinel ? I am trying to pull events from Oracle cloud events data via a OCI streamingend point.