ARGOS Cloud Security connector for Microsoft Sentinel

The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place. This enables you to easily create dashboards, alerts, and correlate events across multiple systems. Overall this will improve your organization's security posture and security incident response.

Connector attributes

Connector attribute             Description
Log Analytics table(s)          ARGOS_CL
Data collection rules support   Not currently supported
Supported by                    ARGOS Cloud Security

Query samples

Display all exploitable ARGOS Detections.

ARGOS_CL
| where exploitable_b

Display all open, exploitable ARGOS Detections on Azure.

ARGOS_CL
| where exploitable_b and cloud_s == 'azure' and status_s == 'open'

Display all open, exploitable ARGOS Detections on Azure, sorted by the time they were generated.

ARGOS_CL
| where exploitable_b and cloud_s == 'azure' and status_s == 'open'
| sort by TimeGenerated

Render a time chart with all open ARGOS Detections on Azure.

ARGOS_CL
| where cloud_s == 'azure' and status_s == 'open'
| summarize count() by TimeGenerated
| render timechart

Display the top 10 rules by number of open, exploitable ARGOS Detections on Azure.

ARGOS_CL
| where cloud_s == 'azure' and status_s == 'open' and exploitable_b
| summarize count() by ruleId_s
| top 10 by count_

Vendor installation instructions

  1. Subscribe to ARGOS

Ensure you already have an ARGOS subscription. If not, browse to ARGOS Cloud Security and sign up for ARGOS.

Alternatively, you can also purchase ARGOS via the Azure Marketplace.

  2. Configure Sentinel integration from ARGOS

Configure ARGOS to forward any new detections to your Sentinel workspace by providing ARGOS with your Workspace ID and Primary Key.

There is no need to deploy any custom infrastructure.

Enter the information into the ARGOS Sentinel configuration page.

New detections will automatically be forwarded.
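The Workspace ID and Primary Key you hand to ARGOS are the credentials of the Log Analytics HTTP Data Collector API, which is how records reach a custom `_CL` table such as ARGOS_CL. The following is an added example, not ARGOS's or Microsoft's code, showing how such a forwarder signs its POST and how a detection's JSON fields become the `exploitable_b`, `cloud_s`, `status_s` and `ruleId_s` columns the query samples filter on. Assumed rather than stated on the page: that ARGOS uses this API, the record field names below, the log type `ARGOS`, and the placeholder workspace ID and key.

```python
# Added example (not ARGOS's or Microsoft's code): builds the signed POST a forwarder
# would send to the Log Analytics HTTP Data Collector API. Assumed, not stated on the
# page: that ARGOS uses this API, the field names below, and the log type "ARGOS".
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"                           # placeholder
PRIMARY_KEY = base64.b64encode(b"placeholder-key-not-a-real-secret").decode()  # placeholder
LOG_TYPE = "ARGOS"  # the service appends "_CL", which yields the ARGOS_CL table


def string_to_sign(body: bytes, rfc1123_date: str) -> str:
    """Canonical string the Data Collector API requires for HMAC-SHA256 signing."""
    return f"POST\n{len(body)}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"


def build_authorization(workspace_id: str, shared_key: str, body: bytes, rfc1123_date: str) -> str:
    """'SharedKey <workspaceId>:<base64 HMAC>'. The Primary Key is a write-capable
    shared secret: whoever holds it can append records to the workspace."""
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign(body, rfc1123_date).encode("utf-8"),
                      hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(detections: list, rfc1123_date: str) -> dict:
    """Return URL, headers and body of the POST; nothing is sent on the network."""
    body = json.dumps(detections).encode("utf-8")
    return {
        "url": f"https://{WORKSPACE_ID}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        "headers": {
            "Content-Type": "application/json",
            "Authorization": build_authorization(WORKSPACE_ID, PRIMARY_KEY, body, rfc1123_date),
            "Log-Type": LOG_TYPE,
            "x-ms-date": rfc1123_date,
        },
        "body": body,
    }


# Constructed detection. Log Analytics suffixes custom columns by JSON type, so these
# fields arrive as exploitable_b, cloud_s, status_s and ruleId_s, the names the
# query samples above filter on.
SAMPLE_DETECTION = {"exploitable": True, "cloud": "azure", "status": "open",
                    "ruleId": "example-rule-id"}

if __name__ == "__main__":
    now = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    print(build_request([SAMPLE_DETECTION], now)["headers"]["Authorization"])
```

Because the key alone authorizes writes, anyone holding it can inject records into ARGOS_CL; treat it as a credential and rotate it from the workspace if it is exposed.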

Learn more about the integration

Next steps

For more information, go to the related solution in the Azure Marketplace.