I am new to Splunk and would really appreciate some guidance or advice on how to do the following:
We get different DLP alerts in different consoles, each console with different API capabilities. The alerts are logged in Microsoft Purview (a.k.a. the Compliance Center), in Microsoft Defender for Cloud Apps, in Microsoft 365 Defender and in Splunk. My problem is: how do we get the necessary data out of any of these consoles? I'd like to know if Splunk has something tying them all together.
I wish to build a search/report that correlates them, linking together certain fields of each source type to create a report and to generate an email that includes the alert details and a copy of the content that created the detection.
Please help
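The kind of correlation search the post is asking for, as an added example that is not part of the original post and not Splunk's or Microsoft's own code. The index name, the three sourcetypes, the per-source field names (user_principal_name, document_name, policy, rule_name, content_snippet, file_url, alert_id) and the recipient address are all assumptions for illustration; substitute whatever the add-ons you use actually emit (run `| fieldsummary` on each sourcetype to find out). It normalises each console's alerts onto a shared user/file key, keeps only alerts seen in more than one console, and mails the result table:

```spl
index=security earliest=-24h
    (sourcetype="ms:purview:dlp:alert" OR sourcetype="ms:defender:cloudapps:alert" OR sourcetype="ms:m365:defender:alert")
``` hypothetical sourcetypes: rename to the ones your add-ons produce ```
| eval src_console=case(
        sourcetype=="ms:purview:dlp:alert", "Purview",
        sourcetype=="ms:defender:cloudapps:alert", "Defender for Cloud Apps",
        sourcetype=="ms:m365:defender:alert", "M365 Defender")
``` normalise the join keys: each console names the user and file differently (field names assumed) ```
| eval user=lower(coalesce(user_principal_name, user, account_name))
| eval file_name=coalesce(file_name, document_name, file)
| eval policy_name=coalesce(policy_name, policy, rule_name)
``` the alert event normally carries a reference to the content (snippet or URL), not the content itself ```
| eval content_ref=coalesce(content_snippet, file_url, "n/a")
| where isnotnull(user) AND isnotnull(file_name)
``` one row per user/file pair, with everything each console said about it ```
| stats earliest(_time) AS first_seen latest(_time) AS last_seen
        dc(src_console) AS consoles_hit
        values(src_console) AS consoles
        values(policy_name) AS policies
        values(alert_id) AS alert_ids
        values(content_ref) AS content_refs
        count AS alert_count
    BY user file_name
``` keep only detections that fired in more than one console ```
| where consoles_hit > 1
| convert ctime(first_seen) ctime(last_seen)
| sort - alert_count
``` recipient is an assumption; sendresults/inline put the table in the mail body ```
| sendemail to="dlp-review@example.com" subject="DLP alerts correlated across consoles (last 24h)" sendresults=true inline=true format=table
```

Two caveats a practitioner should check before trusting the output: the DLP alert payloads that the Microsoft add-ons forward to Splunk generally contain metadata about the matched item (file name, policy, sensitive-info type, a link), not a copy of the file or message body, so "a copy of the content" usually has to be fetched separately using the reference the alert carries; and `stats ... BY user file_name` silently drops any event where either key is missing, so the `where isnotnull(...)` line is there to make that filtering explicit rather than accidental. Saving the search as a scheduled alert with the email action is the usual way to run this on a schedule instead of calling `sendemail` inline.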