NC Protect
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | NucleusCyberNCProtect |
| Publisher | archTIS |
| Used in Solutions | NC Protect Data Connector |
| Collection Method | REST Pull API |
| Connector Definition Files | NucleusCyberNCProtect.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
| Microsoft Learn | View on Learn |
NC Protect Data Connector (archtis.com) provides the capability to ingest user activity logs and events into Microsoft Sentinel. The connector provides visibility into NC Protect user activity logs and events in Microsoft Sentinel to improve monitoring and investigation capabilities
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
NCProtectUAL_CL 🔶 |
✗ | ✓ | ✗ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions:
- NC Protect: You must have a running instance of NC Protect for O365. Please contact us.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
- Install NC Protect into your Azure Tenancy
- Log into the NC Protect Administration site
- From the left hand navigation menu, select General -> User Activity Monitoring
- Tick the checkbox to Enable SIEM and click the Configure button
- Select Microsoft Sentinel as the Application and complete the configuration using the information below
- Click Save to activate the connection
- Workspace ID:
WorkspaceIdNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
- Primary Key:
PrimaryKeyNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊