ZeroFox Enterprise - Alerts (Polling CCF)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | ZeroFoxAlertsDefinition |
| Publisher | ZeroFox Enterprise |
| Used in Solutions | ZeroFox, ZeroFoxAlerts |
| Collection Method | CCF |
| Connector Definition Files | ZeroFoxAlerts_ConnectorDefinition.json |
| DCR Definition Files | ZeroFoxAlerts_DCR.json, ZeroFoxAlerts_DCR.json |
| CCF Configuration | ZeroFoxAlerts_PollerConfig.json |
| CCF Capabilities | APIKey, Paging |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
| Microsoft Learn | View on Learn |
Collects alerts from ZeroFox API.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ZeroFoxAlertPoller_CL 🔶 |
✓ | ✓ | ✓ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
Custom Permissions:
- ZeroFox Personal Access Token (PAT): A ZeroFox PAT is required. You can get it in Data Connectors > API Data Feeds.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect ZeroFox to Microsoft Sentinel
Connect ZeroFox to Microsoft Sentinel
- Provide your ZeroFox PAT: (password field)
- Click 'Connect' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊