Theom connector for Microsoft Sentinel
Theom Data Connector enables organizations to connect their Theom environment to Microsoft Sentinel. This solution enables users to receive alerts on data security risks, create and enrich incidents, check statistics and trigger SOAR playbooks in Microsoft Sentinel
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | TheomAlerts_CL |
| Data collection rules support | Not currently supported |
| Supported by | Theom |
Query samples
All alerts in the past 24 hour
TheomAlerts_CL
| where TimeGenerated > ago(24h)
| sort by TimeGenerated
| limit 10
Vendor installation instructions
- In Theom UI Console click on Manage -> Alerts on the side bar.
- Select Sentinel tab.
- Click on Active button to enable the configuration.
- Enter
Primarykey asAuthorization Token - Enter
Endpoint URLashttps://<Workspace ID>.ods.opinsights.azure.com/api/logs?api-version=2016-04-01 - Click on
SAVE SETTINGS
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for