Audit and track sensitive data, user activities and actions and ingest logs and associated events into SIEMs including Microsoft Sentinel and Splunk with the User Activity Monitor.
How to enable Security Information and Event Management (SIEM)
- Navigate to NC Protect's administration portal
- Click General and select the User Activity Monitoring link
- Locate and Enable security information and event management (SIEM) option
- Click the Configure button (this button appears only when the SIEM option is enabled)
- Select the SIEM Application you want to configure
- The connection details will vary, depending on which application you selected above:
- Configure Azure Sentinel
- Select the Cloud Platform
- Enter your Azure Log Analytics Workspace ID
- Enter your Azure Log Analytics Workspace Primary Key
- Click Save to verify the connection details
- Configure Splunk
- Enter the Host address
- Enter the Port number
- Enter your Access Token
- Click Verify to confirm the connection details
- Click Save to return to the User Activity Monitoring settings
- Configure Azure Sentinel
- Click Save on the User Activity Monitoring page to confirm your changes and enable SIEM integration
