Select Configuration, and then select SIEM Settings.
Select Enable SIEM Integration to turn on the feature.
From the Integration Type list, select Sentinel.
Enter the details for your Sentinel configuration:
Workspace ID: Enter the Sentinel workspace ID. In Sentinel, the workspace ID is located in this path: Settings > Workspace Settings > Agents Management.
Workspace Key: Enter the primary key. In Sentinel, the workspace key is located in this path: Settings > Workspace Settings > Agents Management.
Custom Log Table Name: Enter the name of the custom log table. The table is listed under the Custom Logs category in Azure Sentinel. A _CL suffix is automatically appended to the custom log table name. If a table with that name does not exist, a custom log is created.
Select the data format: CEF - Common Event Format or ECS - Elastic Common Schema.
Click Validate Settings to test the connection to Sentinel.
Click Save Settings.
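The Workspace ID, Workspace Key, and Custom Log Table Name fields match the inputs of the Azure Monitor HTTP Data Collector API. Assuming the integration uses that API (the page does not say so), this added example, which is not BeyondTrust code, shows how the workspace key signs each upload and how the _CL table name is derived; the sample ID, key, and the log name PAM_Events are constructed.

```python
import base64
import hashlib
import hmac
import json
import re
from email.utils import formatdate

# Constructed sample values, not real credentials.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
WORKSPACE_KEY = base64.b64encode(b"constructed-sample-key-not-a-real-secret").decode()


def table_name(log_type: str) -> str:
    """Return the table name the workspace shows for a custom log name."""
    # The Data Collector API accepts letters, digits and underscores, max 100 chars.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError(f"invalid custom log name: {log_type!r}")
    return log_type + "_CL"


def build_request(workspace_id, workspace_key, log_type, events, date=None):
    """Build URL, headers and body for one signed POST (nothing is sent)."""
    table_name(log_type)  # reject bad names before signing
    body = json.dumps(events).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    # A mistyped key fails here with binascii.Error instead of at upload time.
    key = base64.b64decode(workspace_key, validate=True)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
        "Content-Type": "application/json",
        "Log-Type": log_type,
        "x-ms-date": date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(
        WORKSPACE_ID, WORKSPACE_KEY, "PAM_Events", [{"message": "constructed test event"}])
    print(url)
    # The Authorization header is derived from the key, so keep it out of logs.
    print({k: v for k, v in headers.items() if k != "Authorization"})
    print("table:", table_name("PAM_Events"))
```

Anyone holding the workspace key can produce a valid signature and write arbitrary records into the workspace, so store it as a secret and regenerate it in Sentinel if it is exposed.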
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering companies to secure and manage their entire universe of privileges. The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance.