Forum Discussion
Porter76
Aug 10, 2023Brass Contributor
Microsoft Sentinel Custom Data connectors
Afternoon,
With the recent deployment of Sentinel, I have been setting up he log ingestion for the SIEM. So far, all of the data connectors I've setup were OOTB from content hub.
Now I am trying to understand how custom connectors work and the best approach to ingest logs from apps like DOMO where there is no pre existing data connector.
Whats is the best way to go about this? I am having trouble understanding the Codeless Connector Platform and the other methods of deploying a custom connector.
- Clive_WatsonBronze ContributorHave you looked here? https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector
and
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-codeless-connector-platform/ba-p/3095455
However last time I looked (so this may have changed, as it was a few years) DOMO only had a manually export? https://domo-support.domo.com/s/article/360042934574?language=en_US There is a API now https://developer.domo.com/portal/3989acf1bafff-import-and-export-data#export-data- Porter76Brass Contributor
I can't for the life of me understand the CCP. It looks like if you want to use it, there needs to already be a connector for the app/tool youre trying to ingest data from (in this case DOMO) in the content hub, which there isn't for DOMO.
If the CCP is customizable, how can I set it up for DOMO? Is this the best option for getting logs from DOMO?
- Clive_WatsonBronze ContributorI think the real question is, can DOMO export a log in the first place, until we know that we dont know what custom connector solution you need.