API Protection



| Attribute | Value |
|---|---|
| Connector ID | 42CrunchAPIProtection |
| Publisher | 42Crunch |
| Used in Solutions | 42Crunch API Protection |
| Collection Method | REST Pull API |
| Connector Definition Files | 42CrunchAPIProtection.json |
| Ingestion API | HTTP Data Collector API. Connector definition requires workspace key (SharedKey pattern) |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |

Connects 42Crunch API protection to Azure Log Analytics via the REST API interface.

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
apifirewall_log_1_CL 🔶 ? ?

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Step 1: Read the detailed documentation

The installation process is documented in detail in the GitHub repository Microsoft Sentinel integration. Consult this repository to understand how to install and debug the integration.

2. Step 2: Retrieve the workspace access credentials

The first installation step is to retrieve both your Workspace ID and Primary Key from the Microsoft Sentinel platform. Copy the values shown below and save them for configuration of the API log forwarder integration.
- Workspace ID: WorkspaceId
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
- Primary Key: PrimaryKey
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.

3. Step 3: Install the 42Crunch protection and log forwarder

The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are available as containers from the 42Crunch repository. The exact installation will depend on your environment; consult the 42Crunch protection documentation for full details. Two common installation scenarios are described below:

Installation via Docker Compose

The solution can be installed using a Docker compose file.

Installation via Helm charts

The solution can be installed using a Helm chart.

4. Step 4: Test the data ingestion

In order to test the data ingestion the user should deploy the sample httpbin application alongside the 42Crunch protection and log forwarder described in detail here.

4.1 Install the sample

The sample application can be installed locally using a Docker compose file which will install the httpbin API server, the 42Crunch API protection and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.

4.2 Run the sample

Verify the API protection is connected to the 42Crunch platform, and then exercise the API locally on localhost at port 8080 using Postman, curl, or similar. You should see a mixture of passing and failing API calls.

4.3 Verify the data ingestion on Log Analytics

After approximately 20 minutes, access the Log Analytics workspace on your Microsoft Sentinel installation, locate the Custom Logs section, and verify that an apifirewall_log_1_CL table exists. Use the sample queries to examine the data.
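How the Workspace ID and Primary Key from step 2 are used under the SharedKey pattern noted in the connector table, as an added example that is not code from this page or from the 42Crunch log forwarder: it builds the signed Authorization header for the Azure Monitor HTTP Data Collector API without sending anything. The sample credentials are constructed, and the Log-Type value passed in is an assumption derived from the table name apifirewall_log_1_CL.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

# Constructed sample values, not real credentials.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_PRIMARY_KEY = base64.b64encode(b"constructed-sample-key-material!").decode()


def string_to_sign(content_length, rfc1123_date, method="POST",
                   content_type="application/json", resource="/api/logs"):
    """Canonical string the Data Collector API expects to be signed."""
    return (f"{method}\n{content_length}\n{content_type}\n"
            f"x-ms-date:{rfc1123_date}\n{resource}")


def shared_key_header(workspace_id, primary_key_b64, body, rfc1123_date):
    """Return the Authorization header value for one POST body (bytes)."""
    # validate=True makes a truncated or mangled key fail here, not at the service.
    key = base64.b64decode(primary_key_b64, validate=True)
    to_sign = string_to_sign(len(body), rfc1123_date).encode("utf-8")
    digest = hmac.new(key, to_sign, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id, primary_key_b64, log_type, records_json, date=None):
    """Assemble URL, headers and body for one post; nothing is sent."""
    body = records_json.encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           "/api/logs?api-version=2016-04-01")
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # the service appends _CL to form the table name
        "x-ms-date": date,     # must be the same date that was signed
        "Authorization": shared_key_header(workspace_id, primary_key_b64, body, date),
    }
    return url, headers, body
```

The signed string covers only the method, body length, content type, date and resource path, so the Primary Key is the sole secret protecting writes to the workspace; supply it to the Compose or Helm deployment as a secret rather than in a committed file.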

