Miro for Microsoft Sentinel

Solution: Miro

Miro Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Miro
Support Tier	Partner
Support Link	https://help.miro.com
Categories	domains
Version	3.0.0
Author	Miro - enterprise_integrations@miro.com
Last Updated	2026-01-08
Solution Folder	Miro
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Miro solution for Microsoft Sentinel provides the capability to ingest audit logs and content activity logs from Miro REST APIs into Microsoft Sentinel using the Codeless Connector Framework (CCF). This connector enables organizations to monitor and analyze activities within their Miro workspaces. For detailed instructions, refer to the documentation.

Underlying Microsoft technology used:

This solution is dependent on the following technology and this dependency may be in Preview state or might result in additional ingestion or operational costs:

• Codeless Connector Framework (CCF)

Data Connectors
Tables Used
Additional Documentation

Data Connectors

This solution provides 2 data connector(s):

Tables Used

This solution uses 2 table(s):

Table	Used By Connectors	Used By Content
`MiroAuditLogs_CL`	Miro Audit Logs (Enterprise Plan)	-
`MiroContentLogs_CL`	Miro Content Logs (Enterprise Plan + Enterprise Guard)	-

Additional Documentation

📄 Source: Miro/README.md

Overview

The Miro connector ingests audit logs and content activity logs from Miro REST APIs into Microsoft Sentinel using the Codeless Connector Framework (CCF). This centralizes Miro workspace activity monitoring in Microsoft Sentinel for security threat detection, incident investigation, and compliance reporting.

Data connectors

This solution includes two data connectors:

Miro Audit Logs (Enterprise Plan): Organization-wide audit events including user authentication, content access, team changes, and administrative actions. API documentation | Audit logs overview.
Miro Content Logs (Enterprise Plan + Enterprise Guard): Content activity tracking including item creation, updates, and deletions for compliance and eDiscovery. API documentation | Content logs overview.

Prerequisites

General requirements

Active Microsoft Sentinel workspace.
Company Admin role in your Miro organization.
Miro OAuth access token (non-expiring).

Connector-specific requirements

For audit logs connector:

Miro Enterprise Plan.
OAuth scope: auditlogs:read.
Access token.

For content logs connector:

Miro Enterprise Plan + Enterprise Guard add-on.
OAuth scope: contentlogs:export.
Access token.
Miro organization ID.

Installation

There are two ways to set up the Miro connectors.

Option 1 (recommended): Use enterprise integrations. Simplest setup with automatic token generation.
Option 2 (alternative): Create custom OAuth application. More control over OAuth app configuration.

Note: When using Option 1, the integration is automatically tied to the team with the largest number of users in your organization. When using Option 2, you can choose which team to install the app to. However, the team selection does not affect which logs are collected—both options provide organization-wide log access. All integration-relevant events from all teams are included in your logs.

Option 1: Use enterprise integrations (recommended)

This is the simplest option for most users. It automatically creates an OAuth application and generates an access token for you through Miro's enterprise integrations settings.

For audit logs connector

Open Miro company settings.
Expand the Apps and integrations section.
Click Enterprise integrations.
Enable the SIEM toggle.
Copy the Access Token value that appears.
Store the token securely.

For content logs connector

[Content truncated...]

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.0	05-12-2025	Initial release of the Miro solution with two CCF connectors (Audit Logs and Content Logs).