Azure Sentinel
Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyse large volumes of data across an enterprise.
Get your API key from https://console.clouddefenseai.com/profile-management
In Azure Sentinel, we will use the Microsoft Management Agent (MMA) feature.
Let’s configure an HTTP Data Source to show the list of vulnerabilities in a specific application.
To get the list of all vulnerabilities, use the API endpoint https://console.clouddefenseai.com/api-v2/integrations/application/584174528, with the Application ID at the end. You also need to send one header with the key “apikey”; you can obtain your API key from https://console.clouddefenseai.com/profile-management
Now you can configure your parser / schema within Azure Sentinel to access the different keys / values in the JSON.
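The request described above, and one way to flatten its JSON into key / value pairs before mapping them in a parser, as an added example that is not CloudDefense or Microsoft code. The response field names in SAMPLE, the digits-only check on the Application ID and the CLOUDDEFENSE_API_KEY variable name are assumptions, since the page does not document them.

```python
import json
import os
import urllib.request

BASE_URL = "https://console.clouddefenseai.com/api-v2/integrations/application/"
# Constructed sample: the page does not document the response schema,
# so these field names are hypothetical.
SAMPLE = [
    {"id": "V-1", "severity": "high", "location": {"file": "app/db.py", "line": 42}},
    {"id": "V-2", "severity": "low", "location": {"file": "app/ui.py", "line": 7}},
]

def build_request(app_id, api_key):
    """Build the GET request for one application's vulnerability list."""
    # The ID becomes part of the URL path; digits-only is an assumption
    # based on the example ID shown on this page.
    app_id = str(app_id)
    if not (app_id.isascii() and app_id.isdigit()):
        raise ValueError("application ID must be numeric")
    if not api_key:
        raise ValueError("API key is empty")
    return urllib.request.Request(BASE_URL + app_id, headers={"apikey": api_key}, method="GET")

def flatten(obj, prefix=""):
    """Turn nested JSON into dotted key/value pairs for column mapping."""
    if isinstance(obj, dict):
        items = obj.items()
    elif isinstance(obj, list):
        items = enumerate(obj)
    else:
        return {prefix.rstrip("."): obj}
    out = {}
    for key, value in items:
        out.update(flatten(value, f"{prefix}{key}."))
    return out

def to_records(body):
    """One flat record per top-level list item, or one record for an object."""
    return [flatten(item) for item in (body if isinstance(body, list) else [body])]

def fetch(app_id, api_key, timeout=30):
    """Call the endpoint; urlopen raises HTTPError on a non-2xx status."""
    with urllib.request.urlopen(build_request(app_id, api_key), timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Key comes from the environment (hypothetical variable name), not the source file.
    rows = to_records(fetch("584174528", os.environ["CLOUDDEFENSE_API_KEY"]))
    print(json.dumps(rows, indent=2))
```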
For more detailed information, see https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/sending-rest-api-data-to-azure-sentinel/ba-p/558896