Microsoft Sentinel Backend Integration

Integration Flow


  1. Get List of Valid Workspaces: The API retrieves a list of valid workspaces from Prancer PAC Enterprise, facilitated by the Commander Service using the GoLang SDK. Clients select workspaces for integration.

  2. Workspace Selection: Clients choose workspaces to persist in the connector, which is then stored in MongoDB for retrieval.

Push Logs


The process of pushing logs to Sentinel involves multiple steps, from pentest completion to log ingestion in Sentinel using the CEF standard log format. The Result Receiver Service plays a key role in this process, ensuring seamless log transfer to the customer's Sentinel workspace.

Sentinel Connector Format Example

  "fileType": "structure",
  "type": "sentinel",
  "connector": "azureconnector1",
  "workspaces": [
      "workspaceid": "<workspaceid>",
      "workspacename": "<workspacename>",
      "ResourceGroup": "<RG>"