ZeroFox Enterprise - Alerts (Polling CCP) connector for Microsoft Sentinel
Collects alerts from the ZeroFox API.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | {{graphQueriesTableName}} |
| Data collection rules support | Not currently supported |
| Supported by | ZeroFox |
Query samples
List all ZeroFox alerts
```kusto
{{graphQueriesTableName}}
| sort by TimeGenerated asc
```
Count alerts by network type
```kusto
{{graphQueriesTableName}}
| summarize Count = count() by ThreatSource=network_s
```
Count alerts by entity
```kusto
{{graphQueriesTableName}}
| summarize Count = count() by Entity=entity_name_s
```
Prerequisites
To integrate with ZeroFox Enterprise - Alerts (Polling CCP), make sure you have:
- ZeroFox Personal Access Token (PAT): A ZeroFox PAT is required. You can get it in Data Connectors > API Data Feeds.
Vendor installation instructions
Connect ZeroFox to Microsoft Sentinel
Provide your ZeroFox PAT
Next steps
For more information, go to the related solution in the Azure Marketplace.