Exercise 2: Verify the Splunk migration

Now that the Splunk data rules have been imported into Azure Sentinel and converted it’s important to verify that the rules have been configured correctly prior to being enabled. This task is an important part of the Splunk data rules import and conversion process and should be completed prior to enabling any migrated Splunk rules.

1. Verify the Splunk data migration into Sentinel
2. Enable migrated Splunk rules in Sentinel

Exercise 2: Verify the Splunk migration

Table of contents