ZeroFox Enterprise - Alerts (Polling CCP) connector for Microsoft Sentinel

Collects alerts from the ZeroFox API.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute            Description
Log Analytics table(s)         {{graphQueriesTableName}}
Data collection rules support  Not currently supported
Supported by                   ZeroFox

Query samples

List all ZeroFox alerts

{{graphQueriesTableName}}
| sort by TimeGenerated asc

Count alerts by network type

{{graphQueriesTableName}}
| summarize Count = count() by ThreatSource=network_s

Count alerts by entity

{{graphQueriesTableName}}
| summarize Count = count() by Entity=entity_name_s

Prerequisites

To integrate with ZeroFox Enterprise - Alerts (Polling CCP), make sure you have:

  • ZeroFox Personal Access Token (PAT): A ZeroFox PAT is required. You can get it in Data Connectors > API Data Feeds.

Vendor installation instructions

Connect ZeroFox to Microsoft Sentinel

Provide your ZeroFox PAT

Next steps

For more information, go to the related solution in the Azure Marketplace.