Collects alerts from the ZeroFox API.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | {{graphQueriesTableName}} |
Data collection rules support | Not currently supported |
Supported by | ZeroFox |
Query samples
List all ZeroFox alerts
{{graphQueriesTableName}}
| sort by TimeGenerated asc
Count alerts by network type
{{graphQueriesTableName}}
| summarize Count = count() by ThreatSource=network_s
Count alerts by entity
{{graphQueriesTableName}}
| summarize Count = count() by Entity=entity_name_s
Prerequisites
To integrate with ZeroFox Enterprise - Alerts (Polling CCP), make sure you have:
- ZeroFox Personal Access Token (PAT): A ZeroFox PAT is required. You can get it in Data Connectors > API Data Feeds.
Vendor installation instructions
Connect ZeroFox to Microsoft Sentinel
Provide your ZeroFox PAT
Next steps
For more information, go to the related solution in the Azure Marketplace.