cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Cisco Secure Endpoint connector integration in sentinel

Sidra_Raza
Brass Contributor

‎May 07 2024 12:38 AM

‎May 07 2024 12:38 AM

Cisco Secure Endpoint connector integration in sentinel

Hello,

 

I am trying to send logs of Cisco AMP/secure endpoint to sentinel. I have select the ARM template deployment method. But I am not able to understand what exactly is "App insights workspace resource ID" that is highlighted in below image. I have not created any Application Insights and don't know much about it. Can anyone help? 

Sidra_Raza_1-1715067444217.png

 

 

 

 

 

 

Labels:
661 Views
0 Likes
6 Replies
Reply
6 Replies
Clive_Watson

‎May 07 2024 01:16 AM

‎May 07 2024 01:16 AM

Re: Cisco Secure Endpoint connector integration in sentinel

There was a change made 4mths ago, to get off of teh legacy App Insights. Are you using the version from the Content Hub? https://github.com/Azure/Azure-Sentinel/blob/754d9371b8c27313d7a05c48ffb7a84051c52eba/Solutions/Cisc...

You can probably just put in the Sentinel workspace ID?
0 Likes
Reply
Sidra_Raza

‎May 07 2024 01:46 AM

‎May 07 2024 01:46 AM

Re: Cisco Secure Endpoint connector integration in sentinel

I installed the connector from Content Hub, it requests both the Sentinel workspace ID and the Application Insights workspace ID. How both can be same?
0 Likes
Reply
Sidra_Raza

‎May 07 2024 01:54 AM

‎May 07 2024 01:54 AM

Re: Cisco Secure Endpoint connector integration in sentinel

Is it asking for LAW workspace ID & Resource ID in which sentinel is created?
0 Likes
Reply
best response confirmed by Sidra_Raza (Brass Contributor)
Clive_Watson

‎May 07 2024 02:50 AM

‎May 07 2024 02:50 AM

Solution

Re: Cisco Secure Endpoint connector integration in sentinel

Application Insights and Workspaces are the same technology (or at least very close), Microsoft are migrating people to one common product, so all App insight data is now stored in a log Analytic Workspace.
0 Likes
Reply
Sidra_Raza

‎May 07 2024 04:42 AM

‎May 07 2024 04:42 AM

Re: Cisco Secure Endpoint connector integration in sentinel

Makes sense now. Thanks alot
0 Likes
Reply
CalebJ335

‎Jul 11 2024 12:42 PM

‎Jul 11 2024 12:42 PM

Re: Cisco Secure Endpoint connector integration in sentinel

@Sidra_Raza Were you ever able to get the connector for Cisco Secure Endpoint to work? I am trying to integrate our information into Sentinel, but I am apparently doing something incorrectly. Would you mind sharing what you did if you were able to get it to work?

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Sidra_Raza (Brass Contributor)
Clive_Watson

‎May 07 2024 02:50 AM

‎May 07 2024 02:50 AM

Solution

Re: Cisco Secure Endpoint connector integration in sentinel

Application Insights and Workspaces are the same technology (or at least very close), Microsoft are migrating people to one common product, so all App insight data is now stored in a log Analytic Workspace.

View solution in original post

0 Likes
Reply