[Symantec Endpoint Security] Azure Blob Storage

[jamiehynds]

Our Symantec Endpoint Security integration supports ingest via cloud storage such as S3 and GCS, however Azure Blob Storage is not currently supported (possibly an oversight).

Can we add the Azure Blob Storage input to the SES integration, to ensure all 3 cloud providers object storage are supported?

We'll need to ensure that the alert/event format aligns with the format expected by our integration. To validate this, a customer has provided log samples which I can provide privately.

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[ShourieG]

@jamiehynds, so at the moment only the event data stream has support for s3 & gcs while the incident data stream only supports CEL. Do we want support for azure blob storage in both data streams or only for event data stream ?