Upwind Logs Loader (Ingestion API)


Attribute Value
Connector ID UpwindLogsLoader
Publisher Upwind
Used in Solutions Upwind
Collection Method Azure Function
Connector Definition Files UpwindLogsLoader_API_FunctionApp.json
Ingestion API Log Ingestion API. Sibling ARM template declares DCR / Log Ingestion API resources
Microsoft Learn View on Learn

The Upwind Logs Loader data connector ingests compute platform assets from the Upwind cloud security platform into a Microsoft Sentinel custom table using an Azure Function and the Azure Monitor Ingestion API (DCE/DCR).

Upwind provides runtime-powered cloud security, correlating cloud posture with live workload context. This connector surfaces your Upwind inventory — compute platform assets across AWS, GCP, and Azure — directly into Microsoft Sentinel for correlation, hunting, and incident enrichment.

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
UpwindLogsAssets_CL

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

Custom Permissions:

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

NOTE: This connector uses Azure Functions and the Azure Monitor Ingestion API (DCE/DCR) to push Upwind logs into Microsoft Sentinel. The ARM template automatically creates the Data Collection Endpoint, custom log table (UpwindLogsAssets_CL), Data Collection Rule, and role assignment. This might result in additional data ingestion costs. Check the Azure Functions pricing page and Azure Monitor pricing page for details.

(Optional) During deployment, choose Key Vault as the authentication method to securely store your Upwind client secret. You can provide an existing Key Vault name or let the template create a new one. A user-assigned managed identity is automatically configured with the required Key Vault access policies.

1. STEP 1 – Obtain Upwind API credentials

  1. Log in to the Upwind platform.
  2. Navigate to Settings → API Keys.
  3. Create a new API key and note the Client ID and Client Secret.
  4. Navigate to Settings → Organization and note your Organization ID.

2. STEP 2 – Deploy the Azure Function App

Click Deploy to Azure and fill in the parameters. The template automatically creates the DCE, UpwindLogs_CL table, DCR, role assignment, and Function App.

Parameters to fill in:

Parameter Description
WorkspaceName Name of your Log Analytics / Microsoft Sentinel workspace
UpwindOrgId Upwind Organization ID from Step 1
UpwindClientId Upwind API Client ID from Step 1
UpwindClientSecret Upwind API Client Secret from Step 1
AppInsightsWorkspaceResourceID Full Resource ID of the Log Analytics workspace (from Log Analytics workspace → Properties)
