Audit and track sensitive data, user activities and actions and ingest logs and associated events into SIEMs including Microsoft Sentinel and Splunk with the User Activity Monitor.
How to enable Security Information and Event Management (SIEM)
- Navigate to NC Protect's administration portal
- Click General and select the User Activity Monitoring link
- Locate and Enable security information and event management (SIEM) option
- Click the Configure button (this button appears only when the SIEM option is enabled)
- Select the SIEM Application you want to configure
- The connection details will vary, depending on which application you selected above:
- Configure Azure Sentinel
- Configure Splunk
- Click Save on the User Activity Monitoring page to confirm your changes and enable SIEM integration