This article provides an overview of ContraForce's Microsoft Sentinel Hunting service principal.
ContraForce's Microsoft Sentinel Hunting service principal
ContraForce's Microsoft Sentinel Hunting service principal is used to call the Log Analytics API with the Data.Read scope. In the delegated, on-behalf-of flow, this allows the service principal to send direct queries to a Microsoft Sentinel workspace on behalf of the signed-in user. We use this to provide deeper incident context via raw event ("evidence") logs, and to run queries from the Microsoft Sentinel Advanced Hunting page.
If you have any questions, contact us at support@contraforce.com.
| Property | Value |
| --- | --- |
| Client ID | 6bf1c74d-7ade-4671-a507-166936f89a1f |
| API | Log Analytics |
| Permission | Data.Read |
| Type | Delegated |
| Admin Consent Required | No |
| Purpose | Used to query Log Analytics Workspace data on behalf of a signed-in user. Called when getting evidence for a Microsoft Sentinel incident. |
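
A tenant administrator can check that the permissions this service principal actually holds match the values listed above. The following is an added example, not ContraForce code: it audits records in the shape Microsoft Graph returns for `servicePrincipals`, `oauth2PermissionGrants` and `appRoleAssignments`. The sample records, their object IDs and the resource display name `Log Analytics API` are assumptions.

```python
# Added example: compare exported Microsoft Graph records with the documented permission.
CLIENT_APP_ID = "6bf1c74d-7ade-4671-a507-166936f89a1f"  # Client ID from this page
EXPECTED_API = "Log Analytics API"  # assumption: display name of the API's service principal
EXPECTED_SCOPES = {"Data.Read"}     # the only permission this page documents


def audit(service_principals, delegated_grants, app_role_assignments):
    """Return a list of findings; an empty list means the grants match the page."""
    names = {sp["id"]: sp["displayName"] for sp in service_principals}
    clients = {sp["id"] for sp in service_principals
               if sp["appId"].lower() == CLIENT_APP_ID}
    if not clients:
        return ["service principal not found in export"]
    findings = []
    for grant in delegated_grants:  # oauth2PermissionGrant objects
        if grant["clientId"] not in clients:
            continue
        api = names.get(grant["resourceId"], grant["resourceId"])
        scopes = set(grant.get("scope", "").split())  # space-separated string
        # Any scope on another API, or any scope beyond Data.Read, is undocumented.
        extra = scopes if api != EXPECTED_API else scopes - EXPECTED_SCOPES
        if extra:
            findings.append(f"undocumented delegated scope(s) on {api}: {sorted(extra)}")
    for role in app_role_assignments:  # application permissions; the page lists none
        if role["principalId"] in clients:
            findings.append("application permission on "
                            f"{role['resourceDisplayName']}: {role['appRoleId']}")
    return findings


# Constructed sample export: every ID below other than CLIENT_APP_ID is made up.
SPS = [
    {"id": "sp-hunting", "appId": CLIENT_APP_ID, "displayName": "Hunting (sample)"},
    {"id": "sp-la", "appId": "00000000-0000-0000-0000-000000000001",
     "displayName": "Log Analytics API"},
    {"id": "sp-graph", "appId": "00000000-0000-0000-0000-000000000002",
     "displayName": "Microsoft Graph"},
]
GRANTS_OK = [{"clientId": "sp-hunting", "consentType": "Principal",
              "principalId": "user-1", "resourceId": "sp-la", "scope": "Data.Read"}]
GRANTS_DRIFT = GRANTS_OK + [{"clientId": "sp-hunting", "consentType": "AllPrincipals",
                             "principalId": None, "resourceId": "sp-graph",
                             "scope": "Mail.Read User.Read"}]
ROLES = [{"principalId": "sp-hunting", "resourceId": "sp-graph",
          "resourceDisplayName": "Microsoft Graph", "appRoleId": "role-sample"}]

if __name__ == "__main__":
    for finding in audit(SPS, GRANTS_DRIFT, ROLES):
        print(finding)
```

A finding means the tenant's grants differ from what this page documents and should be reviewed; it does not by itself say why the extra grant exists.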