Overview
Sectigo Connector for Microsoft Sentinel ("the connector") is an Azure cloud solution for integrating Sectigo Certificate Manager (SCM) audit services with the customer’s Microsoft Sentinel environment. The connector enables seamless access to SCM logs within the Sentinel environment. By connecting Sectigo’s SCM logs, customers gain centralized log analysis, threat detection, and incident response capabilities.
Audience
This guide is intended for Sentinel administrators and system administrators who have knowledge of IT security and cloud security and are also familiar with SCM.
Scope
This guide covers instructions for deploying and configuring the Sectigo-developed Azure cloud solution to deliver SCM audit logs to your Microsoft Sentinel environment.
Process Workflow
- A cronjob schedules an Azure function.
- The function uses Azure blob storage to retrieve the last synchronization checkpoint.
- The function fetches recent logs from the Remote Audit API.
- The function publishes recent logs to the Data Collection Endpoint via the Azure Log Ingestion API.
- The Data Collection Rule applies transformations and streams the logs to the custom table for audit logs in the Azure Analytics Workspace.
- The Azure function updates the last synchronization checkpoint on Azure blob storage (so the next run resumes from the correct point).
- The process repeats.
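The checkpoint logic in this workflow is what decides whether a failed push loses, duplicates, or retries audit events. The following is an added example of that loop, not Sectigo's connector code: blob storage and the Remote Audit API are replaced by in-memory stand-ins (`FakeBlobCheckpoint`, `FakeAuditApi`, all names assumed) so it runs offline, the checkpoint is advanced only after publishing succeeds, and events that share the checkpoint timestamp are tracked by id so an inclusive re-fetch does not duplicate rows.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AuditEvent:  # hypothetical shape of one Remote Audit API record
    id: str
    ts: datetime
    action: str


class FakeBlobCheckpoint:
    """Stand-in for the blob holding the last synchronization checkpoint.
    Keeps the newest timestamp synced plus the ids seen at that timestamp."""
    def __init__(self, ts):
        self.ts, self.ids = ts, set()

    def read(self):
        return self.ts, set(self.ids)

    def write(self, ts, ids):
        self.ts, self.ids = ts, set(ids)


class FakeAuditApi:
    """Stand-in for the Remote Audit API: events at or after 'since'."""
    def __init__(self, events):
        self.events = sorted(events, key=lambda e: e.ts)

    def fetch_since(self, since):
        return [e for e in self.events if e.ts >= since]


def run_sync(checkpoint, audit_api, publish):
    """One function invocation: read checkpoint, fetch, publish, advance.
    Returns the number of events handed to publish(). The checkpoint is only
    written after publish() returns, so a failed push to the Data Collection
    Endpoint is retried on the next run instead of being silently skipped."""
    since, seen = checkpoint.read()
    events = [e for e in audit_api.fetch_since(since) if e.id not in seen]
    if not events:
        return 0
    publish([{"TimeGenerated": e.ts.isoformat(), "EventId": e.id,
              "Action": e.action} for e in events])
    newest = max(e.ts for e in events)
    ids_at_newest = {e.id for e in events if e.ts == newest}
    if newest == since:          # still on the same second: keep earlier ids
        ids_at_newest |= seen
    checkpoint.write(newest, ids_at_newest)
    return len(events)


def utc(second):
    """Constructed UTC timestamp on 2024-01-01 for the sample events."""
    return datetime(2024, 1, 1, 0, 0, second, tzinfo=timezone.utc)


# Constructed sample events; two share a timestamp to exercise the boundary.
SAMPLE_EVENTS = [AuditEvent("a", utc(1), "login"),
                 AuditEvent("b", utc(2), "cert_issued"),
                 AuditEvent("c", utc(2), "cert_revoked")]
```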