Not Monitored
Tag not monitored by Microsoft.
41,834 questions
Data Connector - Api Restriction
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 84%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Jakub Wierzchowski
0
Reputation points
Dear Prisma Cloud Support Team,
I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data Connector).
When API Restrictions are enabled in Prisma Cloud, the connection between Microsoft Sentinel and Prisma Cloud fails. Disabling the API restriction resolves the issue, but this is not a feasible solution as IP restriction needs to remain enabled in our environment for security compliance.
Specific Problem:
- I need to determine the specific IP addresses or ranges used by Microsoft Sentinel’s Data Connector to communicate with Prisma Cloud so that I can whitelist only those addresses.
- Adding the entire range of IP addresses from Azure’s published list (
AzureMonitororAzureCloud) is not practical due to the number of addresses involved. - I am looking for a way to whitelist only a minimal set of IP addresses to ensure proper functionality while maintaining strict security controls.
Questions:
- Can you provide a definitive list of IP addresses or ranges required for the Microsoft Sentinel Data Connector to function with Prisma Cloud?
- Are there any alternative configurations or best practices for enabling the Data Connector while keeping API restrictions enabled in Prisma Cloud?
Any guidance or recommendations to resolve this issue while adhering to our security policies would be greatly appreciated.
Environment Details:
- Prisma Cloud version: [Your Version]
- Microsoft Sentinel region: [Your Region]
- API Restriction: Enabled
Please let me know if you need additional details to investigate this issue.
Thank you for your support!
Best regards,Dear Prisma Cloud Support Team,
I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data Connector).
When API Restrictions are enabled in Prisma Cloud, the connection between Microsoft Sentinel and Prisma Cloud fails. Disabling the API restriction resolves the issue, but this is not a feasible solution as IP restriction needs to remain enabled in our environment for security compliance.
Specific Problem:
- I need to determine the specific IP addresses or ranges used by Microsoft Sentinel’s Data Connector to communicate with Prisma Cloud so that I can whitelist only those addresses.
- Adding the entire range of IP addresses from Azure’s published list (
AzureMonitororAzureCloud) is not practical due to the number of addresses involved. - I am looking for a way to whitelist only a minimal set of IP addresses to ensure proper functionality while maintaining strict security controls.
Questions:
- Can you provide a definitive list of IP addresses or ranges required for the Microsoft Sentinel Data Connector to function with Prisma Cloud?
- Are there any alternative configurations or best practices for enabling the Data Connector while keeping API restrictions enabled in Prisma Cloud?
Any guidance or recommendations to resolve this issue while adhering to our security policies would be greatly appreciated.
Please let me know if you need additional details to investigate this issue.
Thank you for your support!
Best regards,
Jakub
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju 12,120 Reputation points Microsoft Vendor2025-01-30T19:42:21.0033333+00:00 Hello @Jakub Wierzchowski,
Thank you for posting your query on Microsoft Q&A.
Regarding your first question, Microsoft Sentinel does not use a fixed set of IP addresses for its Data Connector. Instead, it relies on Azure's underlying infrastructure, which dynamically assigns IP addresses from a broad range. Unfortunately, Microsoft does not provide a definitive list of IP addresses specifically for Sentinel’s Data Connector. However, you can refer to the Azure IP Ranges and Service Tags for the region where your Microsoft Sentinel is deployed.
Download Azure IP Ranges from Microsoft Azure IP Ranges and Service Tags page.
Download the JSON file containing the latest IP ranges for Azure services.
Look for service tags related to AzureMonitor and AzureCloud in the JSON file. These tags include the IP ranges that Microsoft Sentinel may use for communication.
While whitelisting the entire range may not be practical, you can narrow it down to the IP ranges associated with your specific Azure region (e.g., AzureCloud.[YourRegion]).
Regarding your second question, I recommend reaching out to Prisma Cloud Support for further guidance. According to this Prisma Cloud document, there should be no network restrictions between Prisma Cloud and Azure Sentinel, allowing seamless transfer of logs and events.
I hope this information is helpful.
Sign in to comment
Sign in to answer