articles/sentinel/connect-cloud-app-security.md
13 additions & 14 deletions
@@ -13,19 +13,20 @@ ms.devlang: na
13
13
ms.topic: conceptual
14
14
ms.tgt_pltfrm: na
15
15
ms.workload: na
16
-
ms.date: 10/23/2019
16
+
ms.date: 03/24/2020
17
17
ms.author: yelevin
18
18
19
19
---
20
20
# Connect data from Microsoft Cloud App Security
21
21
22
22
23
23
24
-
You can stream logs from [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security)into Azure Sentinel with a single click. This connection enables you to stream the alerts from Cloud App Security into Azure Sentinel.
24
+
The [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security)(MCAS) connector lets you stream alerts and [Cloud Discovery logs](https://docs.microsoft.com/cloud-app-security/tutorial-shadow-it) from MCAS into Azure Sentinel. This will enable you to gain visibility into your cloud apps, get sophisticated analytics to identify and combat cyberthreats, and control how your data travels.
25
25
26
26
## Prerequisites
27
27
28
-
- User with global administrator or security administrator permissions
28
+
- Your user must have read and write permissions on the workspace.
29
+
- Your user must have Global Administrator or Security Administrator permissions on the workspace's tenant.
29
30
- To stream Cloud Discovery logs into Azure Sentinel, [enable Azure Sentinel as your SIEM in Microsoft Cloud App Security](https://aka.ms/AzureSentinelMCAS).
30
31
31
32
> [!IMPORTANT]
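Review bot: In the new intro paragraph ("The [Microsoft Cloud App Security](...)(MCAS) connector"), the link is immediately followed by `(MCAS)` with no space, so it renders as "Security(MCAS)"; the removed line had the same defect with ")into". Suggest `...what-is-cloud-app-security) (MCAS) connector`. The split of prerequisites into workspace read/write permissions and a tenant role is a clear improvement; since the tenant bullet offers Global Administrator or Security Administrator as alternatives, it would help readers applying least privilege if the text confirmed that Security Administrator alone is sufficient for this connector, so nobody grants Global Administrator by default.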
@@ -39,23 +40,21 @@ If you already have Cloud App Security, make sure it is [enabled on your network
39
40
If Cloud App Security is deployed and ingesting your data, the alert data can easily be streamed into Azure Sentinel.
40
41
41
42
42
-
1.In Azure Sentinel, select **Data connectors**, click the **Cloud App Security** tile and select **Open connector page**.
43
+
1.From the Azure Sentinel navigation menu, select **Data connectors**. From the list of connectors, click the **Microsoft Cloud App Security** tile, and then the **Open connector page** button on the lower right.
43
44
44
-
1. Select which logs you want to stream into Azure Sentinel, you can choose **Alerts** and **Cloud Discovery logs** (preview).
45
+
1. Select which logs you want to stream into Azure Sentinel; you can choose **Alerts** and **Cloud Discovery Logs** (preview).
45
46
46
-
1. Click **Connect**.
47
+
1. Click **Apply Changes**.
47
48
48
-
1. To use the relevant schema in Log Analytics for the Cloud App Security alerts, search for **SecurityAlert**.
49
+
1. To use the relevant schema in Log Analytics for Cloud App Security alerts, type `SecurityAlert` in the query window. For the Cloud Discovery logs schema, type `McasShadowItReporting`.
49
50
50
51
> [!NOTE]
51
-
> Cloud Discovery helps with detecting and identifying trends in the aggregate data underlying all of the user connections to cloud apps.
52
-
Since Cloud Discovery data is aggregated on a per-day basis, be aware that up to 24 hours' worth of the most recent data will not be reflected in Azure Sentinel.
53
-
In specific cases where more immediate data is required for a low-level investigation, it should be done directly in the source appliance or service where the raw data resides.
54
-
55
-
56
-
52
+
> Cloud Discovery helps detect and identify trends by aggregating the data underlying users' connections to cloud apps.
53
+
>
54
+
> Since Cloud Discovery data is aggregated on a per-day basis, be aware that up to 24 hours' worth of the most recent data will not be reflected in Azure Sentinel.
55
+
In the event that a low-level investigation requires more immediate data, it should be done directly in the source appliance or service where the raw data resides.
57
56
58
57
## Next steps
59
58
In this document, you learned how to connect Microsoft Cloud App Security to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
60
59
- Learn how to [get visibility into your data, and potential threats](quickstart-get-visibility.md).
61
-
- Get started [detecting threats with Azure Sentinel](tutorial-detect-threats.md).
60
+
- Get started detecting threats with Azure Sentinel, using [built-in](tutorial-detect-threats.md) or [custom](tutorial-detect-threats-custom.md) rules.
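Review bot: The last line of the rewritten note block ("In the event that a low-level investigation requires more immediate data ...") has no `> ` prefix, so it falls outside the `[!NOTE]` callout and renders as a stray paragraph; add `> ` so it stays inside, matching the three lines above it. Also, the first step appears as `1.From the Azure Sentinel navigation menu` with no space after `1.`, which Markdown does not render as a list item; please confirm the source reads `1. From`, like the following steps. The rest of the hunk is fine: naming `McasShadowItReporting` as the Cloud Discovery table alongside `SecurityAlert` is the detail analysts need to start querying the new data.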