This article provides an overview of the ContraForce Sentinel Hunting Service Service Principal.
ContraForce Sentinel Hunting
The ContraForce Sentinel Hunting service principal is used to call the Log Analytics API with the Data.Read scope. In the delegated, on-behalf-of flow, this allows the ContraForce Sentinel Hunting service principal to send direct queries to a Sentinel Workspace on behalf of the signed in user. We use this for providing deeper incident context via raw event/”evidence” logs, and for running queries from the Advanced Hunting Sentinel page.
If you have any questions, contact us at support@contraforce.com.
| Client ID | 6bf1c74d-7ade-4671-a507-166936f89a1f |
| API | Log Analytics |
| Permission | Data.Read |
| Type | Delegated |
| Admin Consent Required | No |
| Purpose | Used to query Log Analytics Workspace data on behalf of a signed in user. Is called when getting evidence for a Sentinel Incident. |