The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Sentinel.
1332
+
The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Microsoft Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Microsoft Sentinel.
1333
1333
1334
1334
[→ View full connector details](connectors/cyerafunctionsconnector.md)
1335
1335
1336
1336
---
1337
1337
1338
-
### [Cyera DSPM Azure Sentinel Data Connector](connectors/cyeradspmccf.md)
1338
+
### [Cyera DSPM Microsoft Sentinel Data Connector](connectors/cyeradspmccf.md)
The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
1346
+
The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once received can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
1347
1347
1348
1348
[→ View full connector details](connectors/cyeradspmccf.md)
1349
1349
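Review bot: The corrected Cyera DSPM CCF description (the `+` line at 1346) fixes the "recieced" typo, but the sentence it sits in is still ungrammatical: "allows you to connect to your Cyera's DSPM tenant and ingesting ..." and "... to fetch Cyera's DSPM Telemetry once received can be correlated with security events creating custom columns ...". Since the line is being rewritten anyway, suggest "allows you to connect to your Cyera DSPM tenant and ingest Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel", and splitting the second sentence so that fetching the telemetry and parsing it into custom columns are stated separately. If this text is copied from the connector definition, the fix belongs there too, otherwise it will come back on the next regeneration.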
@@ -3841,6 +3841,20 @@ The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest se
3841
3841
3842
3842
---
3843
3843
3844
+
### [SOC Prime Platform Audit Logs Data Connector](connectors/socprimeauditlogsdataconnector.md)
3845
+
3846
+
**Publisher:** Microsoft
3847
+
3848
+
**Solution:**[SOC Prime CCF](solutions/soc-prime-ccf.md)
3849
+
3850
+
**Tables (1):**`SOCPrimeAuditLogs_CL`
3851
+
3852
+
The [SOC Prime Audit Logs](https://help.socprime.com/en/articles/6265791-api) data connector allows ingesting logs from the SOC Prime Platform API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SOC Prime Platform API to fetch SOC Prime platform audit logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table, thus resulting in better performance.
3853
+
3854
+
[→ View full connector details](connectors/socprimeauditlogsdataconnector.md)
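Review bot: Naming is inconsistent in the new SOC Prime description: it says the connector is "built on Microsoft Sentinel Codeless Connector Platform", while the Cyera entry earlier in this same file says "Codeless Connector Framework" and the solution itself is named "SOC Prime CCF". Suggest using one term throughout. In the same sentence, "ingestion time transformations ... that parses" should read "that parse". Also worth confirming that "**Publisher:** Microsoft" is intended for a connector whose solution is SOC Prime CCF, since readers use the publisher field to decide who owns and supports the connector.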
Tools/Solutions Analyzer/connector-docs/connectors/beyondtrustpmcloud.md
45 additions & 0 deletions
@@ -14,4 +14,49 @@ The BeyondTrust Privilege Management Cloud data connector provides the capabilit
14
14
15
15
This connector uses Azure Functions to pull data from the BeyondTrust PM Cloud API and ingest it into custom Log Analytics tables.
16
16
17
+
## Permissions
18
+
19
+
**Resource Provider Permissions:**
20
+
-**Workspace** (Workspace): read and write permissions on the workspace are required.
21
+
-**Keys** (Workspace): read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).
22
+
23
+
**Custom Permissions:**
24
+
-**Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/).
25
+
-**BeyondTrust PM Cloud API credentials**: BeyondTrust PM Cloud OAuth Client ID and Client Secret are required. Contact BeyondTrust support for API access.
26
+
27
+
## Setup Instructions
28
+
29
+
> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
30
+
31
+
>**NOTE:** This connector uses Azure Functions to connect to the BeyondTrust PM Cloud API to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
32
+
33
+
>**NOTE:** This connector uses the OAuth 2.0 client credentials flow to authenticate with the BeyondTrust PM Cloud API.
34
+
35
+
**1. STEP 1 - Obtain BeyondTrust PM Cloud API credentials**
36
+
37
+
Contact BeyondTrust support to obtain OAuth API credentials (Client ID and Client Secret) for accessing the BeyondTrust PM Cloud API.
38
+
39
+
**2. STEP 2 - Deploy the connector and the associated Azure Function**
40
+
41
+
Use this method for automated deployment of the BeyondTrust PM Cloud data connector using an ARM Template.
42
+
43
+
1. Click the **Deploy to Azure** button below.
44
+
45
+
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FBeyondTrustPMCloud%2FData%2520Connectors%2Fazuredeploy_BeyondTrustPMCloud_API_FunctionApp.json)
46
+
2. Select the preferred **Subscription**, **Resource Group** (must contain your Log Analytics workspace), and **Location**.
47
+
3. Enter the required parameters:
48
+
-**Workspace Name**: Name of your Log Analytics workspace (e.g., `beyondtrust-pmcloud`)
49
+
-**BeyondTrust PM Cloud Base URL**: Your tenant URL (e.g., `https://yourcompany.beyondtrustcloud.com`)
50
+
-**BeyondTrust Client ID**: OAuth Client ID from Step 1
51
+
-**BeyondTrust Client Secret**: OAuth Client Secret from Step 1
52
+
-**Activity Audits Polling Interval**: How often to collect Activity Audits (default: 15 minutes)
53
+
-**Client Events Polling Interval**: How often to collect Client Events (default: 5 minutes)
54
+
-**Log Level**: Logging level for troubleshooting (default: Information)
55
+
-**Historical Data Timeframe**: How far back to collect data on first run (default: 1 day)
56
+
4. Review advanced settings (Hosting Plan SKU, Storage Account Type) and adjust if needed.
57
+
5. Mark the checkbox labeled **I agree to the terms and conditions stated above**.
58
+
6. Click **Purchase** to deploy.
59
+
7. The deployment creates all required resources: Function App, Storage Account, Data Collection Endpoint, Data Collection Rules, and custom Log Analytics tables.
60
+
8. Data should begin flowing within 15-30 minutes of deployment.
61
+
17
62
[← Back to Connectors Index](../connectors-index.md)
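Review bot: The new Permissions section asks for "read permissions to shared keys for the workspace", but step 7 of the setup says the deployment creates a Data Collection Endpoint and Data Collection Rules. If ingestion goes through the DCE/DCR path, the workspace shared key should not be needed, and documenting it as required pushes operators to grant key read access they do not need. Please confirm which ingestion path the Function App actually uses and drop the **Keys** bullet if it is a leftover from a shared-key template. Separately, the parameter list has the **BeyondTrust Client Secret** entered directly as a deployment parameter; a sentence on where the secret is stored after deployment and how to rotate it would help anyone reviewing this connector before rollout.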
The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
11
+
The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once received can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Sentinel.
11
+
The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Microsoft Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Microsoft Sentinel.
12
12
13
13
## Permissions
14
14
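Review bot: The description on line 11 still contains literal `\n\n` escape sequences on both the removed and the added side, so in rendered Markdown the whole text, including the "Tables created/used" table and the `> **Note:**` blockquote, collapses into one paragraph with visible backslash-n characters. The "Sentinel" to "Microsoft Sentinel" rename is fine, but the generator should unescape the description string into real newlines before writing it into the `.md` file; the same applies to the copy of this description in the connectors index.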
@@ -36,7 +36,7 @@ The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera
36
36
> Before deploying, have these values handy:
37
37
-**Cyera Function Connector Name**: `CyeraDSPMConnector`
38
38
> *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
39
-
-**Workspace Name**: `{{workspace}}`
39
+
-**Workspace Name**: `{{workspace-location}}`
40
40
> *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
41
41
-**Workspace Location**: `{{workspace-location}}`
42
42
> *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
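Review bot: The `+` line at 39 changes the **Workspace Name** value from `{{workspace}}` to `{{workspace-location}}`, which looks like a regression: line 41 already shows **Workspace Location** as `{{workspace-location}}`, so both fields now render the same placeholder and the workspace name is no longer shown anywhere. Anyone following these instructions would paste a region string into the workspace name parameter. Suggest reverting this line to `{{workspace}}`, and checking whether the placeholder substitution in the doc generator maps the two keys incorrectly, since the commit otherwise only touches wording.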