MongoDB Atlas Solution for Microsoft Sentinel

Solution: MongoDBAtlas

MongoDBAtlas Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	MongoDB
Support Tier	Partner
Support Link	https://www.mongodb.com/company/contact
Categories	domains
Version	3.0.8
Author	steve.lord@improving.com
First Published	2025-08-22
Solution Folder	MongoDBAtlas
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

This custom data connector uses a Function App to pull MongoDB Atlas log files (MDBA) data from the MongoDB Atlas Administation API and uploads into the selected Log Analytics workspace via the Azure Log Ingestion API.

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

Link to product website

Data Connectors
Tables Used
Additional Documentation

Data Connectors

This solution provides 1 data connector(s):

MongoDB Atlas Logs

Tables Used

This solution uses 1 table(s):

Table	Used By Connectors	Used By Content
`MDBALogTable_CL`	MongoDB Atlas Logs	-

Additional Documentation

📄 Source: MongoDBAtlas/README.md

MongoDB Atlas API Connector for Microsoft Sentinel

Author: Steve Lord.

Contributor: Lester Szeto

This custom data connector uses a Function App to pull MongoDB Atlas (MDBA) logs from the MongoDB Atlas Administration API and upload them into the selected Log Analytics workspace via the Log Ingestion API.

Release Notes
Pre-requisites
Deployment Process

Pre-requisites

An Azure Subscription
A Resource Group
A Microsoft Sentinel/Log Analytics workspace
Roles required to deploy resources:
- User Access Administrator
- Contributor
- Application Administrator
- Directory Readers
- Directory Writers
- Privileged Role Administrator
A MongoDB Atlas account:
- Cluster Id
- Group Id
- Client Id
- Client Secret

Deployment Process

1. Deploy Azure Resources

Click the Deploy to Azure button above.
Once in the Azure Portal, select the Subscription and Resource Group to deploy the resources into.
Select a workspace from the list of Log Analytics Workspaces.
In the MongoDB connection tab, enter fields for the MongoDB Atlas instance from which you are collecting logs
- Group ID
- A list of up to 10 Cluster IDs, each on a separate line
- Client ID
- Client Secret or a Key Vault name containing the Client Secret. Note the key vault, if used, should be created with a Vault Access Policy
Review the MongoDB filters. Select logs from at least one category.
Scheduling - this uses the CRON syntax to specify the rate at which the logs are collected. The MongoDB Atlas Administration API will publish new logs every 5 minutes.
Click Review and Create.

[Content truncated...]

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.8	05-11-2025	Fix slow UI for MongoDB Cluster ID validation.
3.0.7	29-10-2025	Update extension bundle version, minor instructions update, publisherId update.
3.0.6	17-10-2025	Add ability to pass MongoDB Client Secret via a key vault. Improve concurrency model used to ingest logs.
3.0.5	08-10-2025	Removal of workspace creation. Add ability to pull logs from multiple MongoDB clusters.
3.0.4	01-10-2025	Deployment UI updates. Fix Deploy to Azure button.
3.0.3	29-09-2025	Fixed a bug in log filtering. Some improvements to UI text.
3.0.2	25-09-2025	Fixed bad link to logo in Solution json. Fixed Deploy to Azure links.
3.0.1	18-09-2025	Improved filtering by log ID. Performance improvement to upload via Log Ingestion API in parallel.
3.0.0	17-09-2025	Initial Solution Release