
Integrate GravityZone with Azure Sentinel

To set up the link between Microsoft Azure Sentinel and GravityZone, follow the steps below:

TBD

Configure Event Push Service

To configure the GravityZone Event Push Service, follow the steps below:

  1. Log in to GravityZone Control Center.

  2. Go to My Account.

  3. Under the API keys section, click Add.

  4. Select the Event Push Service check box and click Generate. A new window displays the API key. Make sure to store the key in a secure location.

  5. Remember the API key and the Access URL.

  6. Click Save to preserve the changes.

You can configure events for the GravityZone Event Push Service by using Postman or another API testing tool of your choice. For more information about the general API functionality, refer to our Public API documentation.

In the API testing tool, you can configure your request using the setPushEventSettings method and the following guidelines:

  • The required URL has the format CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/push, where you must replace the CONTROL_CENTER_APIs_ACCESS_URL with your GravityZone Access URL.

  • The authorization type should be basic.

  • The username is the API key you have previously retrieved.

  • For the request body, adapt the example on the setPushEventSettings page, using the values specified for the azureSentinelV2 service type. By default, multiple event types are included in the request; you can include or exclude each one by setting that event type's value to true or false.

Example:

{
    "params": {
        "status": 1,
        "serviceType": "azureSentinelV2",
        "serviceSettings": {
            "url": "https://<datacollection-logingestion-url>.ingest.monitor.azure.com",
            "dcrId": "<data-collector-immutable-ID>",
            "tenantId": "<directory-tenant-id>",
            "clientId": "<application-client-id>",
            "clientSecret": "<client-secret-value>",
            "requireValidSslCertificate": true
        },
        "subscribeToEventTypes": {<events-you-want-to-receive>}
    },
    "jsonrpc": "2.0",
    "method": "setPushEventSettings",
    "id": "ad12cb61-52b3-4209-a87a-93a8530d91cb"
}

A successful response to your request should have the value true.

For more information, refer to setPushEventSettings.
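The request described above can also be scripted instead of built by hand in an API testing tool. The following is an added example, not code from the GravityZone documentation: it assembles the setPushEventSettings call with basic authorization and refuses to send the API key or client secret to a non-HTTPS endpoint or with certificate validation turned off. The helper names, the environment variable names, the empty basic-auth password and the sample event-type keys are assumptions.

```python
import base64
import json
import os
import urllib.request
import uuid


def build_push_settings_request(access_url, api_key, service_settings, event_types):
    """Return (url, headers, body) for a setPushEventSettings call (hypothetical helper)."""
    # The API key travels in the Authorization header and the client secret in
    # the body, so refuse cleartext endpoints and disabled certificate checks.
    for name, value in (("Access URL", access_url), ("ingestion URL", service_settings["url"])):
        if not value.lower().startswith("https://"):
            raise ValueError(f"{name} must use https")
    if service_settings.get("requireValidSslCertificate") is not True:
        raise ValueError("requireValidSslCertificate must stay true")
    # Basic auth with the API key as username; the empty password is an assumption.
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    body = {
        "params": {
            "status": 1,
            "serviceType": "azureSentinelV2",
            "serviceSettings": service_settings,
            "subscribeToEventTypes": event_types,
        },
        "jsonrpc": "2.0",
        "method": "setPushEventSettings",
        "id": str(uuid.uuid4()),  # fresh request id per call
    }
    return access_url.rstrip("/") + "/v1.0/jsonrpc/push", headers, json.dumps(body)


def send(url, headers, body):
    """POST the request; urllib verifies the server certificate by default."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    env = os.environ  # variable names are assumptions; secrets stay out of the script
    settings = {"url": env["SENTINEL_INGEST_URL"], "dcrId": env["SENTINEL_DCR_ID"],
                "tenantId": env["AZURE_TENANT_ID"], "clientId": env["AZURE_CLIENT_ID"],
                "clientSecret": env["AZURE_CLIENT_SECRET"], "requireValidSslCertificate": True}
    events = {"av": True, "fw": False}  # sample keys (assumption); use the documented list
    request = build_push_settings_request(env["GZ_ACCESS_URL"], env["GZ_API_KEY"], settings, events)
    print(send(*request))
```

Reading the API key and client secret from the environment keeps them out of the script and out of saved request collections.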

TBD