A new built-in SIEM migration tool, now generally available in Microsoft Sentinel, supports both Splunk Enterprise and Splunk Cloud.
It translates each detection rule's Search Processing Language (SPL) query into Kusto Query Language (KQL), and reports a translation status and error feedback for the parts of a query it could not convert, so the scope limits listed below matter when planning a migration.
What's Available Today?
Translation of simple queries from a single data source.
Direct translations for the constructs covered by the "Splunk to Kusto Cheat Sheet."
Review and editing of translated queries, with error feedback on the constructs that did not translate, so detection rules can be corrected by hand.
Tracking of each translated query with a completeness status and translation state.
What’s Coming Up Next?
Translation support from the Splunk Common Information Model (CIM) to Microsoft Sentinel's Advanced Security Information Model (ASIM).
Enhanced support for Splunk macros and lookups.
Advanced translation of complex correlation logic across multiple data sources.
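To make the two lists above concrete, here is an added example (not the Sentinel migration tool's code, whose internals are not described on this page) of what a "simple query, single data source" SPL-to-KQL translation looks like, and of the error feedback a reviewer gets back for the constructs that are still out of scope: macros, lookups, and subsearch-based multi-source correlation. The index/sourcetype-to-table map, the field renames, and the three sample searches are all constructed for illustration; a real migration would use the target workspace's tables and an ASIM-aware field map.

```python
# SPL-to-KQL translation for the "simple query, single data source" subset, with
# error feedback for constructs that need manual review. Added example, not the
# Sentinel migration tool's code; every mapping below is constructed for illustration.
import re
from dataclasses import dataclass, field

# Assumed (index, sourcetype) -> Sentinel table mapping (constructed).
SOURCE_TO_TABLE = {("windows", "WinEventLog:Security"): "SecurityEvent",
                   ("linux", "syslog"): "Syslog"}
# Assumed Splunk field -> Sentinel column renames (constructed, not CIM-to-ASIM).
FIELD_MAP = {"EventCode": "EventID", "src_ip": "IpAddress",
             "user": "TargetUserName", "host": "Computer"}
TERM_RE = re.compile(r'(\w+)\s*(!=|>=|<=|=|>|<)\s*("[^"]*"|\S+)')
OPS = {"=": "==", "!=": "!=", ">": ">", "<": "<", ">=": ">=", "<=": "<="}
STR_OPS = {"=": "=~", "!=": "!~"}     # Splunk string match is case-insensitive; KQL == is not
MACRO_RE = re.compile(r"`[^`]+`")
SUBSEARCH_RE = re.compile(r"\[\s*search\b")


@dataclass
class Translation:
    kql: str
    state: str                        # "translated" or "needs_review"
    errors: list = field(default_factory=list)


def _cond(name, op, raw, fmap, errors):
    """One Splunk field comparison -> one KQL comparison."""
    col, val = fmap.get(name, name), raw.strip('"')
    if re.fullmatch(r"-?\d+(\.\d+)?", val):
        return f"{col} {OPS[op]} {val}"
    if "*" in val:  # Splunk wildcard: KQL needs startswith/has/matches regex instead
        errors.append(f"wildcard needs manual review: {name}{op}{raw}")
    return f'{col} {STR_OPS.get(op, OPS[op])} "{val}"'


def _base_search(stage, fmap, errors):
    """index/sourcetype pick the table; the remaining terms become a where clause."""
    if MACRO_RE.search(stage):
        errors.append(f"macro needs manual expansion: {stage.strip()}")
        return [f"// TODO: expand macro: {stage.strip()}"]
    src, conds = {}, []
    for name, op, val in TERM_RE.findall(stage):
        if name in ("index", "sourcetype") and op == "=":
            src[name] = val.strip('"')
        else:
            conds.append(_cond(name, op, val, fmap, errors))
    table = SOURCE_TO_TABLE.get((src.get("index"), src.get("sourcetype")))
    if table is None:
        errors.append(f"no table mapping for {src}")
        table = f"// TODO: pick table for {src}"
    return [table] + (["| where " + " and ".join(conds)] if conds else [])


def _stage(stage, fmap, errors):
    """One pipeline stage after the base search; unsupported commands become TODO markers."""
    cmd, _, args = stage.strip().partition(" ")
    args = args.strip()
    if cmd == "stats":
        m = re.fullmatch(r"count(?:\s+as\s+(\w+))?\s+by\s+(.+)", args, re.I)
        if m:
            alias, cols = m.group(1), [c.strip() for c in m.group(2).split(",")]
            if not alias:             # KQL names an unaliased count() column count_
                fmap["count"] = "count_"
            agg = f"{alias} = count()" if alias else "count()"
            return [f"| summarize {agg} by {', '.join(fmap.get(c, c) for c in cols)}"]
    elif cmd in ("where", "search"):
        conds = [_cond(n, o, v, fmap, errors) for n, o, v in TERM_RE.findall(args)]
        if conds:
            return ["| where " + " and ".join(conds)]
    elif cmd == "head" and args.isdigit():
        return [f"| take {args}"]
    elif cmd in ("fields", "table"):
        return ["| project " + ", ".join(fmap.get(c, c) for c in re.split(r"[,\s]+", args) if c)]
    elif cmd == "sort":
        col = args.lstrip("+-")
        return [f"| order by {fmap.get(col, col)} {'desc' if args.startswith('-') else 'asc'}"]
    # lookup, join, transaction, eval, other stats forms: leave a marker for the reviewer
    errors.append(f"unsupported command '{cmd}': {stage.strip()}")
    return [f"// TODO: {stage.strip()}"]


def translate(spl):
    """Return the KQL plus a translation state and the errors a reviewer must resolve."""
    errors, fmap = [], dict(FIELD_MAP)            # per-query copy: stats may add columns
    if SUBSEARCH_RE.search(spl):
        errors.append("subsearch / multi-source correlation not supported")
    stages = spl.split("|")                        # naive split: breaks on '|' inside quotes
    lines = _base_search(stages[0], fmap, errors)
    for stage in stages[1:]:
        lines += _stage(stage, fmap, errors)
    return Translation("\n".join(lines), "translated" if not errors else "needs_review", errors)


# Constructed sample searches (not taken from any real Splunk deployment).
SIMPLE_SPL = ('index=windows sourcetype="WinEventLog:Security" EventCode=4625 '
              '| stats count by src_ip | where count > 10 | sort -count | head 20')
LOOKUP_SPL = ('index=windows sourcetype="WinEventLog:Security" EventCode=4624 '
              '| lookup asset_db host OUTPUT owner | stats count by owner')
MACRO_SPL = "`failed_logons` | stats count by user"

if __name__ == "__main__":
    for spl in (SIMPLE_SPL, LOOKUP_SPL, MACRO_SPL):
        t = translate(spl)
        print(f"[{t.state}] {spl}\n{t.kql}\n" + "".join(f"  ! {e}\n" for e in t.errors))
```

The first sample comes back fully translated (`SecurityEvent | where EventID == 4625 | summarize count() by IpAddress | where count_ > 10 | order by count_ desc | take 20`); the other two come back as `needs_review` with a `// TODO` line in place of the lookup or macro and a matching error, which is the shape of feedback to expect from any translator at this stage of coverage. Two fidelity points are worth checking in any translated rule: the unaliased Splunk `count` field becomes `count_` in KQL, and Splunk's case-insensitive `field=value` must become `=~` rather than `==` or the KQL rule will silently miss events.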
BY:
José Lázaro Pinos,
Global Head of Consulting - VP,
Performanta