articles/sentinel/siem-migration.md
Lines changed: 9 additions & 9 deletions
@@ -6,10 +6,12 @@ author: austinmccollum
6
6
ms.topic: how-to
7
7
ms.date: 3/11/2024
8
8
ms.author: austinmc
9
+
appliesto:
10
+
- Microsoft Sentinel in the Azure portal
9
11
#customer intent: As an SOC administrator, I want to use the SIEM migration experience so I can migrate to Microsoft Sentinel.
10
12
---
11
13
12
-
# Migrate to Microsoft Sentinel with the SIEM migration experience (preview)
14
+
# Migrate to Microsoft Sentinel with the SIEM migration experience
13
15
14
16
Migrate your SIEM to Microsoft Sentinel for all your security monitoring use cases. Automated assistance from the SIEM Migration experience simplifies your migration.
15
17
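Review bot: the title drops "(preview)" and the frontmatter gains an `appliesto:` block, but `ms.date: 3/11/2024` is left untouched; a change that moves the feature out of preview should also bump `ms.date`, otherwise the page's metadata still dates the content to the preview era. Minor style point in the same header: the `#customer intent` line reads "As an SOC administrator", which should be "As a SOC administrator".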
@@ -39,27 +41,25 @@ You need the following on the target, Microsoft Sentinel:
39
41
40
42
At the core of Splunk detection rules is the Search Processing Language (SPL). The SIEM migration experience systematically translates SPL to Kusto query language (KQL) for each Splunk rule. Carefully review translations and make adjustments to ensure migrated rules function as intended in your Microsoft Sentinel workspace. For more information on the concepts important in translating detection rules, see [migrate Splunk detection rules](migration-splunk-detection-rules.md).
41
43
42
-
Capabilities in public preview:
44
+
Current capabilities:
43
45
44
46
- Translate simple queries with a single data source
45
47
- Direct translations listed in the article, [Splunk to Kusto cheat sheet](/azure/data-explorer/kusto/query/splunk-cheat-sheet)
46
48
- Review translated query error feedback with edit capability to save time in the detection rule translation process
49
+
- Translated queries feature a completeness status with translation states
47
50
48
51
Here are some of the priorities that are important to us as we continue to develop the translation technology:
49
52
50
53
- Splunk Common Information Model (CIM) to Microsoft Sentinel's Advanced Security Information Model (ASIM) translation support
51
-
- Translated queries feature a completeness status with translation states
52
-
- Multiple data sources and index
53
-
- Rule correlations
54
-
- Support for macros
55
-
- Support for lookups
56
-
- Complex queries with joins
54
+
- Translation of complex correlation logic that queries and correlates events across multiple data sources
55
+
- Support for Splunk macros
56
+
- Support for Splunk lookups
57
57
58
58
## Start the SIEM migration experience
59
59
60
60
1. Navigate to Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.
61
61
62
-
1. Select **SIEM Migration (Preview)**.
62
+
1. Select **SIEM Migration**.
63
63
64
64
:::image type="content" source="media/siem-migration/siem-migration-experience.png" alt-text="Screenshot showing content hub with menu item for the SIEM migration experience.":::
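Review bot: step 2 now reads "Select **SIEM Migration**", but the referenced screenshot `media/siem-migration/siem-migration-experience.png` and its alt text are unchanged in this hunk; confirm the captured Content hub menu item no longer carries the "(Preview)" label, otherwise the step text and the image disagree. The list edits themselves are consistent: "Translated queries feature a completeness status with translation states" moves from the roadmap list to "Current capabilities", and the separate roadmap items for multiple data sources, rule correlations and joins collapse into the single "Translation of complex correlation logic..." bullet, which lines up with the surviving capability "Translate simple queries with a single data source". Since that limitation remains and the unchanged context already says "Carefully review translations and make adjustments", consider adding one sentence advising that migrated rules be validated against known-good sample data before they are enabled, because a mis-translated detection fails silently as a coverage gap rather than as an error.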