Dear Prisma Cloud Support Team,
I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data Connector).
When API Restrictions are enabled in Prisma Cloud, the connection between Microsoft Sentinel and Prisma Cloud fails. Disabling the API restriction resolves the issue, but this is not a feasible solution as IP restriction needs to remain enabled in our environment for security compliance.
Specific Problem:
- I need to determine the specific IP addresses or ranges used by Microsoft Sentinel’s Data Connector to communicate with Prisma Cloud so that I can whitelist only those addresses.
- Adding the entire range of IP addresses from Azure’s published list (
AzureMonitor or AzureCloud) is not practical due to the number of addresses involved.
- I am looking for a way to whitelist only a minimal set of IP addresses to ensure proper functionality while maintaining strict security controls.
Questions:
- Can you provide a definitive list of IP addresses or ranges required for the Microsoft Sentinel Data Connector to function with Prisma Cloud?
- Are there any alternative configurations or best practices for enabling the Data Connector while keeping API restrictions enabled in Prisma Cloud?
Any guidance or recommendations to resolve this issue while adhering to our security policies would be greatly appreciated.
Environment Details:
- Prisma Cloud version: [Your Version]
- Microsoft Sentinel region: [Your Region]
- API Restriction: Enabled
Please let me know if you need additional details to investigate this issue.
Thank you for your support!
Best regards,Dear Prisma Cloud Support Team,
I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data Connector).
When API Restrictions are enabled in Prisma Cloud, the connection between Microsoft Sentinel and Prisma Cloud fails. Disabling the API restriction resolves the issue, but this is not a feasible solution as IP restriction needs to remain enabled in our environment for security compliance.
Specific Problem:
- I need to determine the specific IP addresses or ranges used by Microsoft Sentinel’s Data Connector to communicate with Prisma Cloud so that I can whitelist only those addresses.
- Adding the entire range of IP addresses from Azure’s published list (
AzureMonitor or AzureCloud) is not practical due to the number of addresses involved.
- I am looking for a way to whitelist only a minimal set of IP addresses to ensure proper functionality while maintaining strict security controls.
Questions:
- Can you provide a definitive list of IP addresses or ranges required for the Microsoft Sentinel Data Connector to function with Prisma Cloud?
- Are there any alternative configurations or best practices for enabling the Data Connector while keeping API restrictions enabled in Prisma Cloud?
Any guidance or recommendations to resolve this issue while adhering to our security policies would be greatly appreciated.
Please let me know if you need additional details to investigate this issue.
Thank you for your support!
Best regards,
Jakub
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 84%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)