SOLVED

Cisco Secure Endpoint connector integration in Sentinel


Hello,

I am trying to send logs from Cisco AMP/Secure Endpoint to Sentinel. I have selected the ARM template deployment method, but I am not able to understand what exactly the "App insights workspace resource ID" is that is highlighted in the image below. I have not created any Application Insights and don't know much about it. Can anyone help?

There was a change made 4 months ago to get off of the legacy App Insights. Are you using the version from the Content Hub? https://github.com/Azure/Azure-Sentinel/blob/754d9371b8c27313d7a05c48ffb7a84051c52eba/Solutions/Cisc...

You can probably just put in the Sentinel workspace ID?
I installed the connector from Content Hub; it requests both the Sentinel workspace ID and the Application Insights workspace ID. How can both be the same?
Is it asking for the LAW workspace ID & Resource ID in which Sentinel is created?
best response confirmed by Sidra_Raza (Brass Contributor)
Solution
Application Insights and Workspaces are the same technology (or at least very close). Microsoft are migrating people to one common product, so all App Insights data is now stored in a Log Analytics workspace.
Makes sense now. Thanks a lot.