ContraForce Sentinel Hunting Service Principal

This article provides an overview of the ContraForce Sentinel Hunting Service Service Principal.

ContraForce Sentinel Hunting

The ContraForce Sentinel Hunting service principal is used to call the Log Analytics API with the Data.Read scope. In the delegated, on-behalf-of flow, this allows the ContraForce Sentinel Hunting service principal to send direct queries to a Sentinel Workspace on behalf of the signed in user. We use this for providing deeper incident context via raw event/”evidence” logs, and for running queries from the Advanced Hunting Sentinel page.

If you have any questions, contact us at support@contraforce.com. 

Client ID 6bf1c74d-7ade-4671-a507-166936f89a1f
API Log Analytics
Permission Data.Read
Type Delegated
Admin Consent Required No
Purpose Used to query Log Analytics Workspace data on behalf of a signed in user. Is called when getting evidence for a Sentinel Incident.