CITRIX SECURITY ANALYTICS connector for Microsoft Sentinel
The Citrix Analytics (Security) integration with Microsoft Sentinel helps you export data analyzed for risky events from Citrix Analytics (Security) into your Microsoft Sentinel environment. You can create custom dashboards, analyze data from other sources alongside the data from Citrix Analytics (Security), and create custom workflows using Logic Apps to monitor and mitigate security events.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | CitrixAnalytics_indicatorSummary_CL, CitrixAnalytics_indicatorEventDetails_CL, CitrixAnalytics_riskScoreChange_CL, CitrixAnalytics_userProfile_CL |
Data collection rules support | Not currently supported |
Supported by | Citrix Systems |
Query samples
High Risk Users
CitrixAnalytics_userProfile_CL
| where cur_riskscore_d > 64
| where cur_riskscore_d < 100
| summarize arg_max(TimeGenerated, cur_riskscore_d) by entity_id_s
| count
Medium Risk Users
CitrixAnalytics_userProfile_CL
| where cur_riskscore_d > 34
| where cur_riskscore_d < 63
| summarize arg_max(TimeGenerated, cur_riskscore_d) by entity_id_s
| count
Low Risk Users
CitrixAnalytics_userProfile_CL
| where cur_riskscore_d > 1
| where cur_riskscore_d < 33
| summarize arg_max(TimeGenerated, cur_riskscore_d) by entity_id_s
| count
Prerequisites
To integrate with CITRIX SECURITY ANALYTICS, make sure you have:
- Licensing: Entitlements to Citrix Security Analytics in Citrix Cloud. Please review the Citrix Tool License Agreement.
Vendor installation instructions
To get access to this capability and the configuration steps on Citrix Analytics, please visit: Connect Citrix to Microsoft Sentinel.
Next steps
For more information, go to the related solution.