Add Microsoft Sentinel to PMC

  1. Select Configuration, and then select SIEM Settings.
  2. Select Enable SIEM Integration to turn on the feature.
  3. From the Integration Type list, select Sentinel.
  4. Enter the details for your Sentinel configuration:
    • Workspace ID: Enter the Sentinel workspace ID. In Sentinel, the workspace ID is located in this path: Settings > Workspace Settings > Agents Management.
    • Workspace Key: Enter the primary key. In Sentinel, the workspace key is located in this path: Settings > Workspace Settings > Agents Management.
    • Custom Log Table Name: The table is listed under the Custom Logs category in Azure Sentinel. A _CL suffix is automatically appended to the end of the custom log table name. A custom log is created if the table name does not exist.
  5. Select the data format: CEF - Common Event Format or ECS - Elastic Common Schema.
  6. Click Validate Settings to test the connection to Sentinel.
  7. Click Save Settings.