This article provides an overview of ContraForce's Microsoft Sentinel Hunting enterprise application.
ContraForce's Microsoft Sentinel Hunting service principal
ContraForce's Microsoft Sentinel Hunting enterprise application is used to call the Log Analytics API with the Data.Read scope. In the delegated, on-behalf-of flow, this allows the application to send direct queries to a Microsoft Sentinel workspace on behalf of the signed-in user. We use this to provide deeper incident context via raw event ("evidence") logs, and to run queries from the Microsoft Sentinel Advanced Hunting page.
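To check that the consent recorded in your tenant matches the scope described above, the following added example (not ContraForce's code) audits an export of Microsoft Graph `oauth2PermissionGrant` objects for the application. The GUIDs, the sample grants and the `Example.ReadWrite` scope are constructed placeholders; substitute the object IDs from your own tenant.

```python
import json

# Placeholder object ids (assumptions): look up the real ones in your tenant.
HUNTING_SP_ID = "11111111-1111-1111-1111-111111111111"        # hunting app service principal
LOG_ANALYTICS_SP_ID = "22222222-2222-2222-2222-222222222222"  # Log Analytics API service principal

# Delegated scopes the article describes, keyed by resource service principal.
EXPECTED = {LOG_ANALYTICS_SP_ID: {"Data.Read"}}

# Constructed sample in the shape of Graph oauth2PermissionGrant objects.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "11111111-1111-1111-1111-111111111111", "consentType": "AllPrincipals",
   "resourceId": "22222222-2222-2222-2222-222222222222", "scope": "Data.Read"},
  {"clientId": "11111111-1111-1111-1111-111111111111", "consentType": "AllPrincipals",
   "resourceId": "33333333-3333-3333-3333-333333333333", "scope": " Example.ReadWrite"},
  {"clientId": "44444444-4444-4444-4444-444444444444", "consentType": "Principal",
   "resourceId": "22222222-2222-2222-2222-222222222222", "scope": "Data.Read"}
]
""")


def audit_grants(grants, client_id, expected):
    """Return grants for client_id that carry scopes outside the expected set."""
    findings = []
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # Graph stores delegated scopes as one space-separated string.
        granted = set((grant.get("scope") or "").split())
        allowed = expected.get(grant.get("resourceId"), set())
        unexpected = sorted(granted - allowed)
        if unexpected:
            findings.append({
                "resourceId": grant.get("resourceId"),
                "consentType": grant.get("consentType"),
                "unexpected": unexpected,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, HUNTING_SP_ID, EXPECTED):
        print("Unexpected delegated scope:", finding)
```

An empty result means every delegated grant held by the application is limited to Data.Read on the Log Analytics API.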
If you have any questions, contact us at support@contraforce.com.