Microsoft Sentinel

The Microsoft Sentinel data source type collects alerts that are forwarded from Microsoft Sentinel.

To integrate Microsoft Sentinel with the QRadar® platform, complete the following steps:
  1. To send alerts from your Microsoft Sentinel platform, configure your Log Analytics workspace in Microsoft Azure. For more information, see Configure your Log Analytics workspace in Microsoft Azure.
  2. Add a Microsoft Sentinel data source.

    When you configure the data source, use the Universal Cloud REST API connector to pull alerts from Microsoft Sentinel.

    For more information about adding a data source, see Adding ingestion data sources.

  3. Optional: If you want to enable federated search for your Microsoft Sentinel platform, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.