Microsoft Sentinel Custom Data connectors

Brass Contributor

Afternoon,

 

With the recent deployment of Sentinel, I have been setting up he log ingestion for the SIEM. So far, all of the data connectors I've setup were OOTB from content hub. 

 

Now I am trying to understand how custom connectors work and the best approach to ingest logs from apps like DOMO where there is no pre existing data connector. 

 

Whats is the best way to go about this? I am having trouble understanding the Codeless Connector Platform and the other methods of deploying a custom connector. 

4 Replies

@Clive_Watson 

 

I can't for the life of me understand the CCP. It looks like if you want to use it, there needs to already be a connector for the app/tool youre trying to ingest data from (in this case DOMO) in the content hub, which there isn't for DOMO.

 

If the CCP is customizable, how can I set it up for DOMO? Is this the best option for getting logs from DOMO? 

I think the real question is, can DOMO export a log in the first place, until we know that we dont know what custom connector solution you need.
I was able to find this document on DOMOs activity log API
https://developer.domo.com/portal/80b418fba449e-activity-log