Forum Discussion
Sidra_Raza
May 07, 2024Brass Contributor
Cisco Secure Endpoint connector integration in sentinel
Hello,
I am trying to send logs of Cisco AMP/secure endpoint to sentinel. I have select the ARM template deployment method. But I am not able to understand what exactly is "App insights workspace resource ID" that is highlighted in below image. I have not created any Application Insights and don't know much about it. Can anyone help?
- Application Insights and Workspaces are the same technology (or at least very close), Microsoft are migrating people to one common product, so all App insight data is now stored in a log Analytic Workspace.
- CalebJ335Copper Contributor
Sidra_Raza Were you ever able to get the connector for Cisco Secure Endpoint to work? I am trying to integrate our information into Sentinel, but I am apparently doing something incorrectly. Would you mind sharing what you did if you were able to get it to work?
- Clive_WatsonBronze ContributorThere was a change made 4mths ago, to get off of teh legacy App Insights. Are you using the version from the Content Hub? https://github.com/Azure/Azure-Sentinel/blob/754d9371b8c27313d7a05c48ffb7a84051c52eba/Solutions/Cisco%20Secure%20Endpoint/Data%20Connectors/azuredeploy_CiscoSecureEndpoint_API_FunctionApp.json
You can probably just put in the Sentinel workspace ID?- Sidra_RazaBrass ContributorIs it asking for LAW workspace ID & Resource ID in which sentinel is created?
- Sidra_RazaBrass ContributorI installed the connector from Content Hub, it requests both the Sentinel workspace ID and the Application Insights workspace ID. How both can be same?
- Clive_WatsonBronze ContributorApplication Insights and Workspaces are the same technology (or at least very close), Microsoft are migrating people to one common product, so all App insight data is now stored in a log Analytic Workspace.