Microsoft Sentinel Backend Integration

Integration Flow

[Figure: Integration flow (../img/thirdpartyintegration/Tip1.png)]

  1. Get List of Valid Workspaces: The API retrieves the list of valid workspaces from Prancer PAC Enterprise; the lookup is performed by the Commander Service using the GoLang SDK. Clients then select the workspaces they want to integrate.

  2. Workspace Selection: The workspaces the client selects are persisted in the connector, which is stored in MongoDB so it can be retrieved later.

Push Logs

[Figure: Push logs flow (../img/thirdpartyintegration/Tip2.png)]

Pushing logs to Sentinel involves several steps, from completion of the pentest to ingestion of the results into Sentinel in the CEF standard log format. The Result Receiver Service is central to this process: it transfers the logs to the customer's Sentinel workspace.

Sentinel Connector Format Example

{
  "fileType": "structure",
  "type": "sentinel",
  "connector": "azureconnector1",
  "workspaces": [
    {
      "workspaceid": "<workspaceid>",
      "workspacename": "<workspacename>",
      "ResourceGroup": "<RG>"
    }
  ]
}
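As an added example (not Prancer's own code), the following Python validates a connector document in the format shown above and renders a pentest finding as a CEF line for the push step, with the header and extension escaping that keeps a finding title containing "|" or "=" from corrupting the record. The workspace values, the finding fields and the CEF vendor/product mapping are constructed assumptions.

```python
"""Connector validation and CEF rendering (added example, not Prancer code)."""
import json

# Connector document in the shape shown on this page; values are constructed placeholders.
CONNECTOR_DOC = """{
  "fileType": "structure",
  "type": "sentinel",
  "connector": "azureconnector1",
  "workspaces": [
    {"workspaceid": "00000000-0000-0000-0000-000000000000",
     "workspacename": "example-workspace",
     "ResourceGroup": "example-rg"}
  ]
}"""

REQUIRED_WS_KEYS = ("workspaceid", "workspacename", "ResourceGroup")


def load_connector(raw: str) -> list:
    """Parse a connector document and return its workspace entries; reject malformed input."""
    doc = json.loads(raw)
    if doc.get("fileType") != "structure" or doc.get("type") != "sentinel":
        raise ValueError("not a sentinel structure document")
    workspaces = doc.get("workspaces") or []
    if not workspaces:
        raise ValueError("no workspaces selected")
    for ws in workspaces:
        missing = [k for k in REQUIRED_WS_KEYS if not ws.get(k)]
        if missing:
            raise ValueError(f"workspace entry missing {missing}")
    return workspaces


def _esc_header(value) -> str:
    # CEF header fields: escape backslash and pipe; line breaks are not permitted.
    return (str(value).replace("\\", "\\\\").replace("|", "\\|")
            .replace("\r", " ").replace("\n", " "))


def _esc_ext(value) -> str:
    # CEF extension values: escape backslash and equals; encode line breaks literally.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(finding: dict, vendor="ExampleVendor", product="pentest", version="1.0") -> str:
    """Render one finding as a CEF:0 line (vendor/product mapping is an assumption)."""
    header = "|".join(_esc_header(v) for v in (
        vendor, product, version, finding["id"], finding["title"], finding["severity"]))
    ext = " ".join(f"{k}={_esc_ext(v)}" for k, v in finding["extension"].items())
    return f"CEF:0|{header}|{ext}"
```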