blacklens.io
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | blacklens_io |
| Publisher | snapSEC GmbH |
| Used in Solutions | Blacklens |
| Collection Method | REST Pull API |
| Connector Definition Files | blacklens_io.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
The blacklens.io data connector allows you to ingest Attack Surface Management alerts from blacklens.io into Microsoft Sentinel using a webhook-based Logic App and the Azure Monitor Logs Ingestion API.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
blacklens_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions are required. - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions: - Azure Subscription: Contributor or Owner permissions on the resource group are required to deploy the data ingestion infrastructure (Data Collection Endpoint, Data Collection Rule, custom table, and Logic App). - blacklens.io Account: A blacklens.io account with webhook integration capabilities is required.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Step 1 - Deploy the data ingestion infrastructure
This step deploys the required Azure resources: a Data Collection Endpoint, Data Collection Rule, custom Log Analytics table (blacklens_CL), and a webhook-triggered Logic App.
-
Click the Deploy to Azure button below.
-
Select the Subscription, Resource Group, and Location where your Microsoft Sentinel workspace resides.
- Enter the Workspace Name of your Log Analytics workspace.
- Click Review + create and then Create.
2. Step 2 - Copy the webhook URL
- After the deployment succeeds, click the Outputs tab on the deployment page.
- Copy the webhookUrl value.
Alternatively, navigate to Logic Apps > la-blacklens-alert-log-ingestion > Overview and copy the Workflow URL.
3. Step 3 - Configure blacklens.io
- Log in to the blacklens.io portal.
- Navigate to the webhook integration settings.
- Paste the webhook URL copied in Step 2.
- Save the configuration.
- Link the webhook integration to at least one notification policy so that alerts are sent to the webhook.
After a few minutes, a test incident should appear in Microsoft Sentinel.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊