Редагувати

Поділитися через


IONIX Security Logs connector for Microsoft Sentinel

The IONIX Security Logs data connector, ingests logs from the IONIX system directly into Sentinel. The connector allows users to visualize their data, create alerts and incidents and improve security investigations.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) CyberpionActionItems_CL
Data collection rules support Not currently supported
Supported by IONIX

Query samples

Fetch latest Action Items that are currently open

let lookbackTime = 14d;
let maxTimeGeneratedBucket = toscalar(
CyberpionActionItems_CL 

| where TimeGenerated > ago(lookbackTime)

| summarize max(bin(TimeGenerated, 1h))
);
CyberpionActionItems_CL

| where TimeGenerated > ago(lookbackTime) and is_open_b == true

| where bin(TimeGenerated, 1h) == maxTimeGeneratedBucket

Prerequisites

To integrate with IONIX Security Logs make sure you have:

Vendor installation instructions

Follow the instructions to integrate IONIX Security Alerts into Sentinel.

Next steps

For more information, go to the related solution in the Azure Marketplace.