People,
I'm trying to figure out how to build a pipeline to feed telemetry from SolarWinds into Microsoft Sentinel SIEM for correlating system alerts.
Would it be possible to achieve this using SolarWinds Observability Self-Hosted?
Depending on the data, the assumption would be that the focus is on specific metrics related to what SolarWinds is polling. There is no streamlined process for pulling the data and sending it to Microsoft Sentinel. In theory, you can use the Orion SDK to make a SWIS API call to pull the data, but time would need to be spent on determining what data to pull and whether it is possible to pull it (if available), and then on building scripting around it to pull it at some interval.
For now, we've taken this post and pulled it into our feature request that a native integration would be a much cleaner and easier solution.
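Added example, not part of the original posts and not SolarWinds or Microsoft code: a sketch of the polling script the reply describes, turning SWIS query rows into a signed request for the Log Analytics HTTP Data Collector API behind Sentinel (Microsoft now steers new integrations toward the Logs Ingestion API). Assumptions: the SWIS REST endpoint on port 17774, the SWQL query, the `SolarWindsNodes` log type, the host name, and the function names are all illustrative; the sample response and key are constructed.

```python
import base64, hashlib, hmac, json
from email.utils import formatdate

# Illustrative SWQL: nodes whose status is not Up (Status 1 is Up in Orion).
SWQL = "SELECT NodeID, Caption, IPAddress, Status FROM Orion.Nodes WHERE Status <> 1"

# Constructed sample of the JSON a SWIS Query call returns ({"results": [...]}).
SAMPLE_SWIS_RESPONSE = {"results": [
    {"NodeID": 12, "Caption": "core-sw-01", "IPAddress": "10.0.0.2", "Status": 2},
    {"NodeID": 31, "Caption": "db-01", "IPAddress": "10.0.4.9", "Status": 3},
]}

def swis_query_request(host, swql):
    """URL and JSON payload for a SWIS REST query (sent as an authenticated POST)."""
    url = f"https://{host}:17774/SolarWinds/InformationService/v3/Json/Query"
    return url, {"query": swql}

def to_records(swis_response, source_host):
    """Flatten SWIS rows into records tagged with the server they came from."""
    return [dict(row, SourceServer=source_host) for row in swis_response.get("results", [])]

def sign(workspace_id, shared_key_b64, body, rfc1123_date):
    """SharedKey Authorization header: HMAC-SHA256 over the canonical request string."""
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def sentinel_request(workspace_id, shared_key_b64, records, log_type, date=None):
    """Return (url, headers, body) ready to POST; nothing is sent from here."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date, must match x-ms-date
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # appears in the workspace as <log_type>_CL
        "x-ms-date": date,
        "Authorization": sign(workspace_id, shared_key_b64, body, date),
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    # Placeholder workspace ID and key (constructed, not real credentials).
    key = base64.b64encode(b"constructed-demo-key").decode()
    recs = to_records(SAMPLE_SWIS_RESPONSE, "orion.example.internal")
    url, headers, body = sentinel_request(
        "00000000-0000-0000-0000-000000000000", key, recs, "SolarWindsNodes")
    print(url, headers["Log-Type"], len(body))
```

Run it on a schedule with a read-only SWIS account, and keep the workspace key in a secret store rather than in the script.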