How to get details of all data connectors and data source?

Sayooj Santhosh 0 Reputation points
2024-09-05T04:05:08.4566667+00:00

Is there any kql to get all the details data source and their data type with their current status. Is it possible to get those details?

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,122 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Clive Watson 6,351 Reputation points MVP
    2024-09-05T08:39:34.9233333+00:00

    This data is in SentinelHealth - if you have that enabled but its not for all Connectors

    source: https://learn.microsoft.com/en-us/azure/sentinel/monitor-data-connector-health#supported-data-connectors

    Otherwise you need to use the api to access Data Connector info (and ingest the results to use KQL) or use a Workbook.

    SentinelHealth
    | where SentinelResourceType == "Data connector"
    | extend ConnectorDataType_ = tostring(ExtendedProperties.ConnectorDataType)
    | extend DestinationTable_ = tostring(ExtendedProperties.DestinationTable)
    | summarize make_set(DestinationTable_), arg_max(TimeGenerated, Status, Description, OperationName, SentinelResourceType, ExtendedProperties) by SentinelResourceKind
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.