Acronis Cyber Protect Cloud integration with Microsoft Sentinel
Acronis supports core event format - CEF (Common Event Format), enabling MSPs to work with the data sent by the integration out of the box. Alerts are pre-formatted on Acronis side and don't require MSP to create any additional rules on SIEM side.
It's very easy to enable the integration by providing server and client certificates, establishing connection to the dedicated syslog server and specifying the server port.
Integration allows MSPs to select which customer tenants in Acronis should send alerts to SIEM. Since alerts are sent to the same MS Sentinel instance, it's possible to run correlation, threat hunting and perform investigation for all customers in the same console. It also empowers MSPs to search for threats, that were discovered on one workload in one customer tenant, in other customers environments.
It is possible to select which alerts should be sent to MS Sentinel. With this functionality, MSPs benefit from reducing the amount of sent to MS Sentinel alerts and, therefore, lower Azure storage consumption. MSPs can select and work only with the data that is necessary.