We are announcing the Codeless Connector Platform (CCP) in public preview (see Create a codeless connector for Microsoft Sentinel | Microsoft Docs). CCP empowers customers and partners to build their own Microsoft Sentinel connectors easily by configuring a definition file. Because CCP is a built-in component, CCP connector instances are scalable, robust, and backed by Microsoft Sentinel support SLAs.
Currently, CCP enables connecting to any data source that exposes a public REST API endpoint. The Microsoft Sentinel product team will continue to enhance the platform with additional features, such as support for more authentication models, pagination types, and more.
Key benefits include:
Step 1 – As a Microsoft Sentinel customer, you can go to the Microsoft Sentinel Content hub and install any of the following solutions that include a CCP-based data connector to immediately connect and ingest data.
Step 2 – Once the solution installs, you can find the CCP data connector in the data connector gallery.
Step 3 – Click on the data connector details page and provide the necessary information to connect and ingest data. Refer to the following illustration as an example of one of the connectors:
Step 4 – Check the connectivity notification on the upper right side.
Note: If you have other ingestion mechanisms like Azure Functions data connectors to ingest data from the same source, please disable those to avoid duplicate ingestion costs.
Step 5 – How to check health monitoring? Microsoft Sentinel health allows you to monitor your connector health, viewing any service or data source issues, such as authentication, throttling, and more.
Monitor the health of your Microsoft Sentinel data connectors | Microsoft Docs
Step 1 - Follow the guidance for building a CCP data connector.
Step 2 - Follow the solution guidance to build additional SIEM content, as applicable, and publish it as a solution in Content hub.
We plan to continue adding more features to CCP to support more scenarios. The following is a preview of what’s coming next.
Install and enable the CCP data connectors by installing the respective solution in Content hub. Let us know your feedback using any of the channels listed in the Resources.
We also invite our partners to build and publish new solutions that include CCP data connectors for Microsoft Sentinel. Get started now by joining the Microsoft Sentinel Threat Hunters GitHub community and follow the solutions build and publish guidance.