You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/create-push-codeless-connector.md
+22-13Lines changed: 22 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,25 @@ CCF Push provide several key benefits:
25
25
-**Template-based provisioning:** Deployment creates ARM templates for DCRs, custom tables, Entra application registration, and client secrets - you receive the connection details to configure in your sending application
26
26
-**Secure authentication:** Uses Microsoft Entra applications with OAuth 2.0 for secure data submission
27
27
28
+
29
+
## Prerequisites
30
+
31
+
- Before you begin, you must have access to the Azure-Sentinel GitHub repository for packaging tools.
32
+
- Microsoft Entra permissions:
33
+
- Permission to create an app registration in Microsoft Entra ID. Typically requires Entra ID Application Developer role or higher.
34
+
- Permission to create an application with secrets. Note: The connector fails if Entra applications can't be created with secrets due to security reasons.
35
+
- Microsoft Azure permissions:
36
+
- Permission to assign Monitoring Metrics Publisher role on data collection rule (DCR). Typically requires Azure RBAC Owner or User Access Administrator role.
37
+
### Prerequisites
38
+
39
+
- Before you begin, you must have access to the Azure-Sentinel GitHub repository for packaging tools.
40
+
- Microsoft Entra permissions:
41
+
- Permission to create an app registration in Microsoft Entra ID. Typically requires Entra ID Application Developer role or higher.
42
+
- Permission to create an application with secrets. Note: The connector fails if Entra applications can't be created with secrets due to security reasons.
43
+
- Microsoft Azure permissions:
44
+
- Permission to assign Monitoring Metrics Publisher role on data collection rule (DCR). Typically requires Azure RBAC Owner or User Access Administrator role.
45
+
46
+
28
47
## How CCF push works
29
48
30
49
@@ -507,7 +526,7 @@ Example:
507
526
508
527
509
528
510
-
## Building Your First Push Connector - a simple example
529
+
## Building Your First Push Connector
511
530
512
531
In this example, we build a simple push connector that sends security alerts from your application to Sentinel.
513
532
@@ -526,17 +545,7 @@ Event structure will be sent by your application:
526
545
}
527
546
```
528
547
529
-
### Prerequisites
530
-
531
-
- Before you begin, you must have access to the Azure-Sentinel GitHub repository for packaging tools.
532
-
- Microsoft Entra permissions:
533
-
- Permission to create an app registration in Microsoft Entra ID. Typically requires Entra ID Application Developer role or higher.
534
-
- Permission to create an application with secrets. Note: The connector fails if Entra applications can't be created with secrets due to security reasons.
535
-
- Microsoft Azure permissions:
536
-
- Permission to assign Monitoring Metrics Publisher role on data collection rule (DCR). Typically requires Azure RBAC Owner or User Access Administrator role.
537
-
538
-
539
-
548
+
### Step-by-step guide to create the push connector
540
549
541
550
1. Clone the Azure-Sentinel Repository
542
551
@@ -1072,7 +1081,7 @@ Event structure will be sent by your application:
1072
1081
1073
1082
**Python Example Application Code:**
1074
1083
1075
-
The following example uses placeholder values like <Your-Tenant-ID>. You must replace these with secure references to your actual credentials.
1084
+
The following example uses placeholder values like \<Your-Tenant-ID\>. You must replace these with secure references to your actual credentials.
0 commit comments