Doppel Data connector for Microsoft Sentinel
The data connector is built on Microsoft Sentinel for Doppel events and alerts. It supports DCR-based ingestion-time transformations that parse the received security event data into a custom column, so queries don't need to parse it again, which results in better performance.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | DoppelTable_CL |
Data collection rules support | Not currently supported |
Supported by | Doppel |
Query samples
One event log
DoppelTable_CL
| take 1
Prerequisites
To integrate with the Doppel Data Connector, make sure you have:
- Microsoft Entra Tenant ID, Client ID and Client Secret: Microsoft Entra ID requires a Client ID and Client Secret to authenticate your application. Additionally, Global Admin/Owner level access is required to assign the Entra-registered application the Monitoring Metrics Publisher role on the resource group.
- Workspace ID, DCE-URI, DCR-ID: You need the Log Analytics Workspace ID, the DCE Logs Ingestion URI and the DCR Immutable ID for the configuration.
Vendor installation instructions
Configure Doppel Webhook
Configure the webhook in Doppel, and an endpoint with the required permissions in Microsoft Sentinel, so that Doppel can send data.
Next steps
For more information, go to the related solution in the Azure Marketplace.