We are announcing the Codeless Connector Platform (CCP), documented in "Create a codeless connector for Microsoft Sentinel | Microsoft Docs", in public preview. CCP empowers customers and partners to build their own Microsoft Sentinel connectors easily by configuring a definition file. CCP connector instances are scalable, robust, and backed by Microsoft Sentinel support SLAs, since CCP is a built-in component.
Currently, CCP enables connecting to any data source that exposes a public REST API endpoint. The Microsoft Sentinel product team will continue to enhance the platform with additional features, such as support for more authentication models, pagination types and more.
Key benefits include:
Avoid writing lines of code to connect with publicly exposed REST APIs
Step 1 – As a Microsoft Sentinel customer, you can go to the Microsoft Sentinel Content hub and install any of the following solutions that include a CCP-based data connector to immediately connect and ingest data.
GitHub – GitHub Audit log connector provides capability to ingest GitHub audit logs into Microsoft Sentinel.
Slack Audit – Enables ingestion of Slack logs using CCP and monitoring of the data with SIEM content. This solution also includes the existing Azure Functions data connector, so after you install it, connect to the CCP data connector. Once data ingestion works through the CCP connector, disable the Azure Functions ingestion to avoid duplicate ingestion costs.
Step 2 – Once the solution installs, you can find the CCP data connector in the data connector gallery.
Step 3 – Click on the data connector details page and provide the necessary information to connect and ingest data. Refer to the following illustration as an example of one of the connectors:
Step 4 – Check the connectivity notification on the upper right side.
Note: If you have other ingestion mechanisms like Azure Functions data connectors to ingest data from the same source, please disable those to avoid duplicate ingestion costs.
Step 5 – How to check health monitoring? Microsoft Sentinel health allows you to monitor your connector health, viewing any service or data source issues, such as authentication, throttling, and more.