Cognni connector for Microsoft Sentinel
The Cognni connector offers a quick and simple integration with Microsoft Sentinel. You can use Cognni to autonomously map your previously unclassified important information and detect related incidents. This allows you to recognize risks to your important information, understand the severity of the incidents, and investigate the details you need to remediate, fast enough to make a difference.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | CognniIncidents_CL |
Data collection rules support | Not currently supported |
Supported by | Cognni |
Query samples
Get all incidents ordered by time
CognniIncidents_CL
| order by TimeGenerated desc
Get high risk incidents
CognniIncidents_CL
| where Severity == 3
Get medium risk incidents
CognniIncidents_CL
| where Severity == 2
Get low risk incidents
CognniIncidents_CL
| where Severity == 1
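A triage view that combines the three severity filters above into one row per day. This is an added example, not part of the connector's own documentation. It assumes the severity values shown in the samples (3 = high, 2 = medium, 1 = low); the 14-day window and the output column names are choices made for this example.

```kusto
// Added example: daily Cognni incident counts split by risk level.
// Uses only TimeGenerated and Severity, the two columns the sample queries rely on.
CognniIncidents_CL
| where TimeGenerated > ago(14d)                     // assumed look-back window
| summarize
    High   = countif(Severity == 3),
    Medium = countif(Severity == 2),
    Low    = countif(Severity == 1),
    Total  = count()                                 // exceeds High+Medium+Low if other values appear
    by Day = bin(TimeGenerated, 1d)
| order by Day desc
```

A day where Total is larger than the sum of the three risk columns indicates records with a Severity value outside 1 to 3, which the per-level sample queries would not return.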
Vendor installation instructions
Connect to Cognni
- Go to the Cognni integrations page.
- Click 'Connect' on the 'Microsoft Sentinel' box.
- Copy and paste 'workspaceId' and 'sharedKey' (from below) to the related fields on Cognni's integrations screen.
- Click the 'Connect' button to complete the configuration.
Soon, all your Cognni-detected incidents will be forwarded here (into Microsoft Sentinel).
Not a Cognni user? Join us
Shared Key
Next steps
For more information, go to the related solution in the Azure Marketplace.