| Attribute | Value |
|---|---|
| Connector ID | ARGOSCloudSecurity |
| Publisher | ARGOS Cloud Security |
| Used in Solutions | ARGOSCloudSecurity |
| Collection Method | REST Pull API |
| Connector Definition Files | Connector_ARGOS.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |

The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place. This enables you to easily create dashboards, alerts, and correlate events across multiple systems. Overall this will improve your organization's security posture and security incident response.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| ARGOS_CL 🔶 | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Subscribe to ARGOS
Ensure you already own an ARGOS Subscription. If not, browse to ARGOS Cloud Security and sign up to ARGOS.
Alternatively, you can also purchase ARGOS via the Azure Marketplace.
2. Configure Sentinel integration from ARGOS
Configure ARGOS to forward any new detections to your Sentinel workspace by providing ARGOS with your Workspace ID and Primary Key.
There is no need to deploy any custom infrastructure.
Enter the information into the ARGOS Sentinel configuration page.
New detections will automatically be forwarded.
Learn more about the integration
- Workspace ID: WorkspaceId
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
- Primary Key: PrimaryKey
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
📄 Source: ARGOSCloudSecurity\Data Connectors\ARGOS_REST_API_Connector.md
The ARGOS Cloud Security connector allows you to easily connect all your ARGOS Cloud Security solution logs to Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. In addition, this integration allows you to correlate your ARGOS Cloud Security events with other events that are happening in your environment. The integration between ARGOS Cloud Security and Azure Sentinel makes use of a REST API.
Note: Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel. This can be different to the geographic location of your ARGOS Cloud Security subscription.
ARGOS Cloud Security can integrate and export detections directly to Azure Sentinel.
After a successful connection is established, the data appears in Log Analytics under CustomLogs, in the ARGOS_CL table. To use the relevant schema in Log Analytics for ARGOS Cloud Security, search for ARGOS_CL.
It may take up to 20 minutes until your logs start to appear in Log Analytics.
In this document, you learned how to connect ARGOS Cloud Security to Azure Sentinel.