ARGOS Cloud Security connector for Microsoft Sentinel
The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place. This enables you to easily create dashboards, alerts, and correlate events across multiple systems. Overall this will improve your organization's security posture and security incident response.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | ARGOS_CL |
Data collection rules support | Not currently supported |
Supported by | ARGOS Cloud Security |
Query samples
Display all exploitable ARGOS Detections.
ARGOS_CL
| where exploitable_b
Display all open, exploitable ARGOS Detections on Azure.
ARGOS_CL
| where exploitable_b and cloud_s == 'azure' and status_s == 'open'
Display all open, exploitable ARGOS Detections on Azure, sorted by TimeGenerated (newest first).
ARGOS_CL
| where exploitable_b and cloud_s == 'azure' and status_s == 'open'
| sort by TimeGenerated
Render a time chart with all open ARGOS Detections on Azure.
ARGOS_CL
| where cloud_s == 'azure' and status_s == 'open'
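| summarize count() by bin(TimeGenerated, 1h) // bucket per hour (adjust the interval as needed) so the chart plots counts per interval, not per exact timestamp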
| render timechart
Display the top 10 rules by number of open, exploitable ARGOS Detections on Azure.
ARGOS_CL
| where cloud_s == 'azure' and status_s == 'open' and exploitable_b
| summarize count() by ruleId_s
| top 10 by count_
Vendor installation instructions
- Subscribe to ARGOS
Ensure you already own an ARGOS Subscription. If not, browse to ARGOS Cloud Security and sign up to ARGOS.
Alternatively, you can also purchase ARGOS via the Azure Marketplace.
- Configure Sentinel integration from ARGOS
Configure ARGOS to forward any new detections to your Sentinel workspace by providing ARGOS with your Workspace ID and Primary Key.
There is no need to deploy any custom infrastructure.
Enter the information into the ARGOS Sentinel configuration page.
New detections will automatically be forwarded.
Learn more about the integration
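The following added example (not ARGOS or Microsoft code) shows what a Workspace ID and Primary Key are used for, and why the table and columns queried above are named `ARGOS_CL`, `exploitable_b`, `cloud_s` and so on. It assumes ARGOS forwards detections through the Azure Monitor HTTP Data Collector API, which the `_CL` table and typed column suffixes suggest but this page does not state; the JSON property names and all sample values are constructed. The signature covers the request, not a particular table, so the Primary Key is a workspace-wide write credential and should be stored and rotated accordingly.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

# Type suffixes the HTTP Data Collector API appends to custom-log columns.
SUFFIX = {bool: "_b", str: "_s", int: "_d", float: "_d"}

def table_name(log_type):
    """Custom log types are stored in a table named <Log-Type>_CL."""
    return f"{log_type}_CL"

def column_name(field, value):
    """Column a JSON property lands in, e.g. exploitable=True -> exploitable_b."""
    return field + SUFFIX[type(value)]

def build_request(workspace_id, primary_key_b64, log_type, records, date=None):
    """Return (url, headers, body) for a signed POST. Nothing is sent."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    key = base64.b64decode(primary_key_b64)
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # becomes the table name, with _CL appended
        "x-ms-date": date,
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

# Constructed sample values: not a real workspace, key or detection.
# The JSON property names are assumed from the ARGOS_CL column names.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
PRIMARY_KEY = base64.b64encode(b"constructed-example-key").decode()
DETECTION = {"ruleId": "EXAMPLE-RULE-1", "cloud": "azure", "status": "open", "exploitable": True}

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, PRIMARY_KEY, "ARGOS", [DETECTION])
    print(table_name("ARGOS"), [column_name(k, v) for k, v in DETECTION.items()])
    print(url, headers["Log-Type"], len(body))
```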
Next steps
For more information, go to the related solution in the Azure Marketplace.