Connect data from Microsoft Cloud App Security
- 2 minutes to read
You can stream logs from Cloud App Security into Azure Sentinel with a single click. This connection enables you to stream the alerts from Cloud App Security into Azure Sentinel.
Prerequisites
- User with global administrator or security administrator permissions
- To stream Cloud Discovery logs into Azure Sentinel, enable Azure Sentinel as your SIEM in Microsoft Cloud App Security.
Important
Ingestion of Cloud Discovery logs is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
Connect to Cloud App Security
If you already have Cloud App Security, make sure it is enabled on your network. If Cloud App Security is deployed and ingesting your data, the alert data can easily be streamed into Azure Sentinel.
In Azure Sentinel, select Data connectors, click the Cloud App Security tile and select Open connector page.
Select which logs you want to stream into Azure Sentinel, you can choose Alerts and Cloud Discovery logs (preview).
Click Connect.
To use the relevant schema in Log Analytics for the Cloud App Security alerts, search for SecurityAlert.
Next steps
In this document, you learned how to connect Microsoft Cloud App Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
Feedback
Loading feedback...