Cognni for Microsoft Sentinel

Solution: Cognni



| Attribute | Value |
| --- | --- |
| Publisher | Cognni |
| Support Tier | Partner |
| Support Link | https://cognni.ai/contact-support/ |
| Categories | domains |
| Version | 2.0.0 |
| Author | Cognni |
| First Published | 2022-05-06 |
| Solution Folder | Cognni |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |

The Cognni solution for Microsoft Sentinel enables you to ingest critical information-based incidents from the Cognni platform into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution is dependent on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Azure Monitor HTTP Data Collector API

Contents

Data Connectors

This solution provides 1 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
| --- | --- | --- |
| CognniIncidents_CL 🔶 | Cognni | Analytics, Workbooks |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 16 content item(s):

| Content Type | Count |
| --- | --- |
| Analytic Rules | 15 |
| Workbooks | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
| --- | --- | --- | --- |
| Cognni Incidents for Highly Sensitive Business Information | High | Collection | CognniIncidents_CL |
| Cognni Incidents for Highly Sensitive Financial Information | High | Collection | CognniIncidents_CL |
| Cognni Incidents for Highly Sensitive Governance Information | High | Collection | CognniIncidents_CL |
| Cognni Incidents for Highly Sensitive HR Information | High | Collection | CognniIncidents_CL |
| Cognni Incidents for Highly Sensitive Legal Information | High | Collection | CognniIncidents_CL |
| Cognni Incidents for Low Sensitivity Business Information | Low | Collection | CognniIncidents_CL |
| Cognni Incidents for Low Sensitivity Financial Information | Low | Collection | CognniIncidents_CL |
| Cognni Incidents for Low Sensitivity Governance Information | Low | Collection | CognniIncidents_CL |
| Cognni Incidents for Low Sensitivity HR Information | Low | Collection | CognniIncidents_CL |
| Cognni Incidents for Low Sensitivity Legal Information | Low | Collection | CognniIncidents_CL |
| Cognni Incidents for Medium Sensitivity Business Information | Medium | Collection | CognniIncidents_CL |
| Cognni Incidents for Medium Sensitivity Financial Information | Medium | Collection | CognniIncidents_CL |
| Cognni Incidents for Medium Sensitivity Governance Information | Medium | Collection | CognniIncidents_CL |
| Cognni Incidents for Medium Sensitivity HR Information | Medium | Collection | CognniIncidents_CL |
| Cognni Incidents for Medium Sensitivity Legal Information | Medium | Collection | CognniIncidents_CL |

Workbooks

| Name | Tables Used |
| --- | --- |
| CognniIncidentsWorkbook | CognniIncidents_CL |
