LastPass Enterprise - Reporting (Polling CCP) connector for Microsoft Sentinel
The LastPass Enterprise connector provides the capability to LastPass reporting (audit) logs into Microsoft Sentinel. The connector provides visibility into logins and activity within LastPass (such as reading and removing passwords).
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | {{graphQueriesTableName}} |
| Data collection rules support | Not currently supported |
| Supported by | The Collective Consulting |
Query samples
Password moved to shared folders
{{graphQueriesTableName}}
| where Action_s == "Move to Shared Folder"
| extend AccountCustomEntity = Username_s, IPCustomEntity = IP_Address_s, URLCustomEntity = Data_s, TimestampCustomEntity = todatetime(Time_s)
Prerequisites
To integrate with LastPass Enterprise - Reporting (Polling CCP) make sure you have:
- LastPass API Key and CID: A LastPass API key and CID are required. See the documentation to learn more about LastPass API.
Vendor installation instructions
Connect LastPass Enterprise to Microsoft Sentinel
Provide the LastPass Provisioning API Key.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for