Cognni connector for Microsoft Sentinel
The Cognni connector offers a quick and simple integration with Microsoft Sentinel. You can use Cognni to autonomously map your previously unclassified important information and detect related incidents. This allows you to recognize risks to your important information, understand the severity of the incidents, and investigate the details you need to remediate, fast enough to make a difference.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | CognniIncidents_CL |
Data collection rules support | Not currently supported |
Supported by | Cognni |
Query samples
Get all incidents ordered by time
CognniIncidents_CL
| order by TimeGenerated desc
Get high risk incidents
CognniIncidents_CL
| where Severity == 3
Get medium risk incidents
CognniIncidents_CL
| where Severity == 2
Get low risk incidents
CognniIncidents_CL
| where Severity == 1
Vendor installation instructions
Connect to Cognni
- Go to Cognni integrations page
- Click 'Connect' on the 'Microsoft Sentinel' box
- Copy and paste 'workspaceId' and 'sharedKey' (from below) to the related fields on Cognni's integrations screen
- Click the 'Connect' button to complete the configuration.
Soon, all your Cognni-detected incidents will be forwarded here (into Microsoft Sentinel).
Not a Cognni user? Join us
Shared Key
Next steps
For more information, go to the related solution in the Azure Marketplace.