meshStack Events for Azure Sentinel
Solution: meshStack
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | meshcloud GmbH |
| Support Tier | Partner |
| Support Link | https://feedback.meshcloud.io |
| Categories | domains |
| Version | 3.0.1 |
| Author | meshcloud - support@meshcloud.io |
| First Published | 2025-12-15 |
| Last Updated | 2026-04-16 |
| Solution Folder | meshStack |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The meshStack solution for Microsoft Sentinel enables you to ingest meshStack Event Logs into Microsoft Sentinel.
Contents
Data Connectors
This solution provides 1 data connector(s):
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
meshStackEventLogs_CL |
meshStack Event Logs | - |
Additional Documentation
📄 Source: meshStack/README.md
meshStack Event Logs Data Connector for Microsoft Sentinel
This solution provides a data connector to ingest meshStack Event Logs into Microsoft Sentinel using the Codeless Connector Framework (CCF) with OAuth2 authentication. meshStack is a cloud platform management solution that helps platform engineering teams build, operate, and scale internal developer platforms (IDPs). See meshcloud for more information.
Quick Start
Prerequisites
- An existing Log Analytics workspace with Microsoft Sentinel enabled
- Appropriate permissions to:
- Deploy ARM templates
- Create Data Collection Endpoints
- Configure Microsoft Sentinel data connectors
- A meshStack instance with Events API enabled
- Admin access to create meshStack API Keys
1. Deploy to Azure
Note: Azure Sentinel automatically creates a Data Collection Endpoint (DCE) once you add your first data connector.
The DCE is named as ASI-<worspace-uuid>.
Option A: Azure Portal
1. Navigate to "Deploy a custom template"
2. Upload Package/mainTemplate.json
3. Select your subscription, resource group, and workspace
4. Deploy
Option B: Azure CLI
# Basic deployment (minimum required parameters)
az deployment group create \
--resource-group <rg-name> \
--template-file Package/mainTemplate.json \
--parameters workspace=<workspace-name> \
workspace-location=<workspace-region>
# Example with all parameters explicitly set
az deployment group create \
--resource-group myResourceGroup \
--template-file Package/mainTemplate.json \
--parameters workspace=mySentinelWorkspace \
workspace-location=eastus \
resourceGroupName=myResourceGroup \
subscription=12345678-1234-1234-1234-123456789abc \
location=eastus
2. Configure Data Connector
- In Azure Portal, go to Microsoft Sentinel > Data connectors
- Search for "meshStack Event Logs"
- Click "Open connector page"
- Fill in the connection form:
- meshStack API URL:
https://your-meshstack-instance.io- Client ID (Key ID): The Key ID from your meshStack API Key - Client Secret (Key Secret): The Key Secret from your meshStack API Key - Toggle the Connect button to enable the connector
Authentication Setup
Understanding meshStack API Keys
When you create an API Key in meshStack, it provides OAuth2 credentials:
- client_id: OAuth2 client identifier (shown as Key ID in meshStack Admin Panel)
- client_secret: OAuth2 client secret (shown as Key Secret in meshStack Admin Panel)
These credentials are used in the OAuth2 client credentials flow:
1. Connector exchanges client_id + client_secret for an access token at /api/login
2. Access token is used in Authorization: Bearer header for API requests
3. Tokens are automatically refreshed when expired
Creating an API Key in meshStack
[Content truncated...]
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 10-04-2026 | Updated publisherId in solution metadata to address best practice validation |
| 3.0.0 | 15-12-2025 | Initial release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊