Connect data from Microsoft Cloud App Security
You can stream logs from Cloud App Security into Azure Sentinel with a single click. Once connected, alerts from Cloud App Security are streamed into Azure Sentinel.
Prerequisites
- User with global administrator or security administrator permissions
- To stream Cloud Discovery logs into Azure Sentinel, enable Azure Sentinel as your SIEM in Microsoft Cloud App Security.
Connect to Cloud App Security
If you already have Cloud App Security, make sure it is enabled on your network. If Cloud App Security is deployed and ingesting your data, the alert data can easily be streamed into Azure Sentinel.
In Azure Sentinel, select Data connectors, click the Cloud App Security tile and select Open connector page.
Select which logs you want to stream into Azure Sentinel. You can choose Alerts and Cloud Discovery logs (preview).
To use the relevant schema in Log Analytics for the Cloud App Security alerts, search for SecurityAlert.
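A query you can run in Log Analytics to confirm that alerts are arriving after you connect. It is an added example, not part of the original article. It assumes the connector writes records with ProviderName "MCAS", so check that value in your own workspace first.

```kusto
// Added example: verify that Cloud App Security alerts are reaching the
// SecurityAlert table and summarize what arrived in the last 7 days.
// Assumption: records from this connector carry ProviderName "MCAS".
// To see the values in your workspace, run:
//   SecurityAlert | distinct ProviderName, ProductName
let lookback = 7d;
SecurityAlert
| where TimeGenerated > ago(lookback)
| where ProviderName == "MCAS"
// An alert can be written more than once when it is updated;
// keep only the most recent record for each alert ID.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| summarize
    Alerts    = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by AlertSeverity, AlertName
// Freshness check: a large value here on every row suggests the
// connector has stopped delivering data.
| extend HoursSinceLastAlert = datetime_diff("hour", now(), LastSeen)
| order by Alerts desc
```

An empty result means either no alerts fired in the window or the connector is not delivering data, so widen `lookback` before concluding the connection is broken.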
In this document, you learned how to connect Microsoft Cloud App Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data and potential threats.
- Get started detecting threats with Azure Sentinel.