
Answer-first summary for fast verification
Answer: Azure Event Hubs
To send security events from Microsoft Sentinel to Splunk, the recommended solution is to use Azure Event Hubs. The reason is that Microsoft Sentinel does not have a built-in data connector specifically designed for sending data to Splunk. Instead, Azure Event Hubs can be used as an intermediary to stream the security events from Sentinel to Splunk. This approach allows for reliable and scalable event streaming, ensuring that all relevant security events are forwarded from Sentinel to Splunk for further analysis. The other options (Microsoft Sentinel data connector, Microsoft Sentinel workbook, and Azure Data Factory) are not suitable for this scenario as they do not provide the required functionality for sending security events from Microsoft Sentinel to Splunk.
Author: LeetQuiz Editorial Team
Your company utilizes a third-party security information and event management (SIEM) solution combining Splunk and Microsoft Sentinel to monitor and analyze security events. Given your intention to integrate Microsoft Sentinel with Splunk, you need to devise a solution that facilitates the transmission of security events from Microsoft Sentinel to Splunk. What should your recommendation include to achieve this integration?
A. a Microsoft Sentinel data connector
B. Azure Event Hubs
C. a Microsoft Sentinel workbook
D. Azure Data Factory