Connect data from Microsoft Cloud App Security

You can connect Cloud App Security to Azure Sentinel with a single click. The connection streams the alerts from Cloud App Security into Azure Sentinel.

Prerequisites

Important

Ingestion of Cloud Discovery logs is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

Connect to Cloud App Security

If you already have Cloud App Security, make sure it is enabled on your network. If Cloud App Security is deployed and ingesting your data, the alert data can easily be streamed into Azure Sentinel.

  1. In Azure Sentinel, select Data connectors, click the Cloud App Security tile and select Open connector page.

  2. Select which logs you want to stream into Azure Sentinel. You can choose Alerts and Cloud Discovery logs (preview).

  3. Click Connect.

  4. To use the relevant schema in Log Analytics for the Cloud App Security alerts, search for SecurityAlert.
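After connecting, a query like the following confirms that data is arriving and flags a stream that has gone quiet. It is an added example, not part of the original article. The ProductName value "Microsoft Cloud App Security" and the McasShadowItReporting table for Cloud Discovery logs are assumptions to confirm in your own workspace.

```kusto
// Ingestion health check for the Cloud App Security connector (added example).
// isfuzzy=true lets the query run even if the Cloud Discovery table
// does not exist yet (for example, when only Alerts were selected).
union isfuzzy=true
    (
        SecurityAlert
        | where TimeGenerated > ago(7d)
        // Assumed product name; verify with: SecurityAlert | distinct ProductName
        | where ProductName == "Microsoft Cloud App Security"
        | summarize Records = count(), LastSeen = max(TimeGenerated)
        | extend Source = "Alerts"
    ),
    (
        // Assumed table name for Cloud Discovery logs (preview)
        McasShadowItReporting
        | where TimeGenerated > ago(7d)
        | summarize Records = count(), LastSeen = max(TimeGenerated)
        | extend Source = "Cloud Discovery logs"
    )
// A stream with no records, or none in the last day, is marked stale.
| extend Stale = isnull(LastSeen) or LastSeen < ago(1d)
| project Source, Records, LastSeen, Stale
```

A row with Stale set to true for a log type you selected in step 2 means the connector is enabled but nothing has been ingested recently, which is worth alerting on because a silent connector looks the same as a quiet environment.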

Next steps

In this document, you learned how to connect Microsoft Cloud App Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: