Data Connector Types in Azure Sentinel

LXF 205 Reputation points
2024-06-03T06:40:23.7466667+00:00

Hello Community,

We've noted that there are various types of "Microsoft.SecurityInsights/dataConnectors," such as "RestApiPoller" and "GenericUI."

Our case is that our service is hosted on other clouds, and we aim to transmit our data to Azure Sentinel. We understand that for "RestApiPoller," data request configurations can be set in the "pollingConfig" section when composing a CCP solution. However, we are unsure how data is transmitted when the "kind" is "GenericUI."

So:

1/Could you provide details on what scenarios "GenericUI" is primarily used for?

2/Would it be applicable to our scenario?

3/If so, where should we define how data from third-party services is transmitted to Azure Sentinel when the dataConnector is "GenericUI"? Thank you!

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,159 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
385 questions
0 comments No comments
{count} vote

Accepted answer
  1. James Hamil 25,396 Reputation points Microsoft Employee
    2024-06-03T20:12:39.2033333+00:00

    Hi @LXF , the GenericUI data connector is primarily used for scenarios where data is ingested into Azure Sentinel through a custom user interface. This means that you can create a custom UI to collect data from your third-party services and then use the GenericUI data connector to send that data to Azure Sentinel. This should be applicable to your scenario if you have a custom user interface that collects data from your third-party services. You can use the data connector to send that data to Azure Sentinel.

    When using the GenericUI data connector, you will need to define how data is transmitted to Azure Sentinel in your custom user interface. You can use the Azure Sentinel REST API to send data to Azure Sentinel. You will need to create a custom solution in Azure Sentinel that uses the GenericUI data connector and then configure your custom user interface to send data to the REST API endpoint for that solution.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    2 people found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.