Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyse large volumes of data across an enterprise.
1. Get an API key from https://console.clouddefenseai.com/profile-management
2. In Azure Sentinel, use the Microsoft Management Agent (MMA) feature.
3. Configure an HTTP Data Source to show the list of vulnerabilities for a specific application.
4. Use this API endpoint, with the Application ID at the end, to get the list of all vulnerabilities: https://console.clouddefenseai.com/api-v2/integrations/application/584174528. You must also send one header with the key "apikey"; you can obtain your API key from https://console.clouddefenseai.com/profile-management
5. Configure your parser/schema within Azure Sentinel to access the different keys and values in the JSON.
For more detailed information, see https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/sending-rest-api-data-to-azure-sentinel/ba-p/558896