| title | description | author | ms.topic | ms.date | ms.service | ms.author | ms.collection |
|---|---|---|---|---|---|---|---|
Cognni connector for Microsoft Sentinel |
Learn how to install the connector Cognni to connect your data source to Microsoft Sentinel. |
cwatson-cat |
how-to |
04/26/2024 |
microsoft-sentinel |
cwatson |
sentinel-data-connector |
The Cognni connector offers a quick and simple integration with Microsoft Sentinel. You can use Cognni to autonomously map your previously unclassified important information and detect related incidents. This allows you to recognize risks to your important information, understand the severity of the incidents, and investigate the details you need to remediate, fast enough to make a difference.
This is autogenerated content. For changes, contact the solution provider.
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | CognniIncidents_CL |
| Data collection rules support | Not currently supported |
| Supported by | Cognni |
Get all incidents order by time
CognniIncidents_CL
| order by TimeGenerated desc Get high risk incidents
CognniIncidents_CL
| where Severity == 3Get medium risk incidents
CognniIncidents_CL
| where Severity == 2Get low risk incidents
CognniIncidents_CL
| where Severity == 1Connect to Cognni
- Go to Cognni integrations page
- Click 'Connect' on the 'Microsoft Sentinel' box
- Copy and paste 'workspaceId' and 'sharedKey' (from below) to the related fields on Cognni's integrations screen
- Click the 'Connect' botton to complete the configuration.
Soon, all your Cognni-detected incidents will be forwarded here (into Microsoft Sentinel)
Not a Cognni user? Join us
Shared Key
For more information, go to the related solution in the Azure Marketplace.