Azure Sentinel

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It runs on top of an Azure Log Analytics workspace, and its data is queried with Kusto Query Language (KQL).

Integration with LogicHub

Connecting with Azure Sentinel

To connect with Azure Sentinel, the following details are required. The Tenant ID, Client ID and Client Secret identify an Azure AD (Entra ID) app registration; the integration authenticates with them using the OAuth 2.0 client-credentials flow, so the app registration needs read access to the Log Analytics workspace(s) you intend to query and nothing more.

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Tenant ID: Tenant (directory) ID of the Azure AD tenant that hosts the Azure Sentinel workspace.
  • Client ID: Application (client) ID of the app registration used to authenticate to Azure Sentinel.
  • Client Secret: Client secret of that app registration. Treat it as a credential: store it only in the connection, never in a playbook or parent-table column.

Actions with Azure Sentinel

Execute Query

Executes a KQL analytics query against the Log Analytics workspace behind Azure Sentinel and returns the matching rows. The query text is sent to the workspace as-is, so the parent-table column that supplies it should be populated from trusted playbook logic rather than from raw alert or user-supplied fields.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Workspace ID Column Name: Column name from the parent table that contains the Log Analytics workspace ID (a GUID) of the workspace to query.
  • Query Column Name: Column name from the parent table that contains the KQL query to execute. Example: Usage | take 10.
  • Start Date Column Name (Optional): Column name from the parent table that contains the start date of the query window, in YYYY-MM-DD format. If omitted, the window covers the last 30 days.
  • End Date Column Name: Column name from the parent table that contains the end date of the query window, in YYYY-MM-DD format. If no date range is supplied, the query defaults to the last 30 days.

Output of action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Query Result
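The following is an added example, not LogicHub's own integration code, showing what the connection details above and the Execute Query action amount to at the API level: a client-credentials token request to Azure AD, a POST of the KQL query and an ISO 8601 time span to the Log Analytics query API, and the flattening of the API's tables/columns/rows response into the has_error / error / result shape described above. The Azure AD and Log Analytics endpoints and the response layout are the real, documented ones; the function names, the `http_post` hook, `fake_http_post` and `SAMPLE_RESPONSE` are constructed for this example so that it runs offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Optional

# Public Microsoft endpoints for the client-credentials flow and the Log Analytics query API.
TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
QUERY_URL = "https://api.loganalytics.io/v1/workspaces/{workspace_id}/query"
SCOPE = "https://api.loganalytics.io/.default"


def build_timespan(start_date: Optional[str], end_date: Optional[str],
                   now: Optional[datetime] = None) -> str:
    """Turn the optional YYYY-MM-DD start/end columns into an ISO 8601 interval.
    Missing end -> now (UTC); missing start -> 30 days before the end (the action's default)."""
    now = now or datetime.now(timezone.utc)
    end = (datetime.strptime(end_date, "%Y-%m-%d").replace(tzinfo=timezone.utc)
           if end_date else now)
    start = (datetime.strptime(start_date, "%Y-%m-%d").replace(tzinfo=timezone.utc)
             if start_date else end - timedelta(days=30))
    if start >= end:
        raise ValueError("start date must be before end date")
    return f"{start:%Y-%m-%dT%H:%M:%SZ}/{end:%Y-%m-%dT%H:%M:%SZ}"


def parse_query_response(body: dict) -> list:
    """Flatten the query API's tables -> columns/rows layout into a list of row dicts."""
    rows = []
    for table in body.get("tables", []):
        names = [col["name"] for col in table["columns"]]
        for row in table["rows"]:
            rows.append(dict(zip(names, row)))
    return rows


def _default_http_post(url: str, headers: dict, data: bytes):
    """Real transport (hypothetical helper): returns (status, body_text), never raises on 4xx/5xx."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode()


def get_token(tenant_id: str, client_id: str, client_secret: str, http_post=_default_http_post) -> str:
    """OAuth 2.0 client-credentials grant for the app registration behind the connection."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE,
    }).encode()
    status, text = http_post(TOKEN_URL.format(tenant_id=tenant_id),
                             {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status != 200:
        # Do not echo the response body: token errors can quote the request parameters.
        raise RuntimeError(f"token request failed: HTTP {status}")
    return json.loads(text)["access_token"]


def execute_query(conn: dict, workspace_id: str, query: str, start_date: Optional[str] = None,
                  end_date: Optional[str] = None, http_post=_default_http_post) -> dict:
    """Run one KQL query and return the action's has_error / error / result document."""
    try:
        token = get_token(conn["tenant_id"], conn["client_id"], conn["client_secret"], http_post)
        payload = json.dumps({"query": query,
                              "timespan": build_timespan(start_date, end_date)}).encode()
        status, text = http_post(QUERY_URL.format(workspace_id=workspace_id),
                                 {"Authorization": f"Bearer {token}",
                                  "Content-Type": "application/json"}, payload)
        if status != 200:
            return {"has_error": True, "error": f"HTTP {status}: {text[:200]}", "result": None}
        return {"has_error": False, "error": None, "result": parse_query_response(json.loads(text))}
    except (ValueError, KeyError, RuntimeError, OSError) as exc:
        return {"has_error": True, "error": str(exc), "result": None}


# Constructed sample response in the Log Analytics query API layout (not real data).
SAMPLE_RESPONSE = {"tables": [{"name": "PrimaryResult",
                               "columns": [{"name": "DataType", "type": "string"},
                                           {"name": "Quantity", "type": "real"}],
                               "rows": [["SecurityEvent", 12.5], ["Syslog", 3.0]]}]}


def fake_http_post(url: str, headers: dict, data: bytes):
    """Constructed offline transport: answers the token call and the query call like Azure would."""
    if "/oauth2/v2.0/token" in url:
        return 200, json.dumps({"token_type": "Bearer", "access_token": "constructed-token"})
    if not headers.get("Authorization", "").startswith("Bearer "):
        return 401, json.dumps({"error": {"code": "AuthorizationRequiredError"}})
    return 200, json.dumps(SAMPLE_RESPONSE)


if __name__ == "__main__":
    conn = {"tenant_id": "<tenant-id>", "client_id": "<client-id>", "client_secret": "<secret>"}
    out = execute_query(conn, "<workspace-id>", "Usage | take 10", "2024-01-01", "2024-01-31",
                        http_post=fake_http_post)
    print(json.dumps(out, indent=2))
```

Pointing `execute_query` at `_default_http_post` (the default) with real connection values performs the live calls; the fake transport only exists so the shape of the exchange can be inspected without credentials. Two details worth carrying into any real playbook: the token request's error body is deliberately not surfaced, and a query that reaches the API with a malformed window never leaves the process, since `build_timespan` rejects it before the token is even requested.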
