articles/sentinel/siem-migration.md
5 additions & 5 deletions
@@ -33,8 +33,8 @@ You need the following from the source SIEM:
33
33
You need the following on the target, Microsoft Sentinel:
34
34
35
35
- The SIEM migration experience deploys analytics rules. This capability requires the **Microsoft Sentinel Contributor** role. For more information, see [Permissions in Microsoft Sentinel](roles.md).
36
-
- Ingest security data previously used in your source SIEM into Microsoft Sentinel by enabling an out-of-the-box (OOTB) data connector.
37
-
- If the data connector isn't installed yet, find the relevant solution in **Content hub**.
36
+
- Ingest security data previously used in your source SIEM into Microsoft Sentinel. Install and enable out-of-the-box (OOTB) data connectors to match your security monitoring estate from your source SIEM. [MULTIPLE]
37
+
- If the data connectors aren't installed yet, find the relevant solutions in **Content hub**.
38
38
- If no data connector exists, create a custom ingestion pipeline.<br>For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md) or [Custom data ingestion and transformation](data-transformation.md).
39
39
40
40
## Translate Splunk detection rules
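Review bot: the added line 36 ends with the token "[MULTIPLE]", which reads as a leftover draft or review marker rather than published text; either drop it or replace it with the sentence it was standing in for before this ships. Separately, "to match your security monitoring estate from your source SIEM" is awkward; "to cover the log sources your source SIEM was monitoring" says the same thing more plainly.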
@@ -51,9 +51,9 @@ Current capabilities:
51
51
Here are some of the priorities that are important to us as we continue to develop the translation technology:
52
52
53
53
- Splunk Common Information Model (CIM) to Microsoft Sentinel's Advanced Security Information Model (ASIM) translation support
54
-
- Translation of complex correlation logic that queries and correlates events across multiple data sources
55
54
- Support for Splunk macros
56
-
- Support for Splunk lookups
55
+
- Support for Splunk lookups
56
+
- Translation of complex correlation logic that queries and correlates events across multiple data sources
57
57
58
58
## Start the SIEM migration experience
59
59
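Review bot: this hunk only reorders the list (lookups moved above correlation logic) without changing its wording, and nothing on the page says whether position carries meaning. The lead-in "Here are some of the priorities" leaves readers guessing; if the order is intended to reflect priority, say so ("in priority order"), otherwise a pure reorder is not worth a reader's attention and could be folded into a larger edit.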
@@ -113,7 +113,7 @@ Here are some of the priorities that are important to us as we continue to devel
113
113
114
114
The following resources are deployed:
115
115
- For all OOTB matches, the corresponding solutions with the matched analytics rule are installed, and the matched rules are deployed as active analytics rules.
116
-
- All custom rules translated to Sentinel analytics rules are deployed as active analytics rules.
116
+
- All custom rules translated to Sentinel analytics rules are deployed as active analytics rules in the disabled state.
117
117
118
118
1. Before exiting the SIEM Migration experience, **Download Migration Summary** to keep a summary of the Analytics deployment.
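Review bot: line 116 now says custom rules are "deployed as active analytics rules in the disabled state", which contradicts itself; "active" should go, for example "deployed as analytics rules in the disabled state" or simply "deployed but disabled". This is also an operationally important change: translated custom rules will not generate incidents until someone enables them, so the bullet should point readers to review, test, and enable those rules after deployment, and the Download Migration Summary step at line 118 is the natural place to note that the summary is what they should use to track which rules still need enabling.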