Update documentation for MS Sentinel (#25)

dacoburn · web-flow · commit 2ff1a091d9e7 · 2025-02-18T07:06:56.000-08:00
diff --git a/README.md b/README.md
@@ -12,6 +12,7 @@ This tool supports the following connectors:
 - WebHook
 - Slack
 - SumoLogic
+- MS Sentinel
 
 ### Other SIEM Integrations
 
@@ -168,6 +169,44 @@ if __name__ == '__main__':
     sumo.send_events(issue_data, "socket-sync-alerts")
 ```
 
+### Microsoft Sentinel
+
+The Microsoft Sentinel will use the Workspace ID and Shared Key to send events via the API to MS Sentinel
+
+Initializing Options:
+
+| Option       | Required | Default | Description                             |
+|--------------|----------|---------|-----------------------------------------|
+| workspace_id | True     | None    | Microsoft Workspace ID for your Account |
+| shared_key   | True     | None    | Microsoft Shared Key for authentication |
+
+```python
+import os
+from socketsync.core import Core
+from socketsync.connectors.sentinel import Sentinel
+from datetime import datetime, timezone
+start_time = datetime.strptime("2024-09-10 10:00", "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
+from_time = int((datetime.now(timezone.utc) - start_time).total_seconds())
+
+
+if __name__ == '__main__':
+    socket_org = os.getenv("SOCKET_ORG") or exit(1)
+    api_key = os.getenv("SOCKET_API_KEY") or exit(1)
+    http_source_url = os.getenv("SUMO_HTTP_URL")
+    core = Core(
+        api_key=api_key,
+        from_time=from_time,
+    )
+    issue_data = core.get_issues()
+    ms_sentinel_workspace_id = os.getenv("MS_SENTINEL_WORKSPACE_ID", None)
+    ms_sentinel_shared_key = os.getenv("MS_SENTINEL_SHARED_KEY", None)
+    if not ms_sentinel_workspace_id or not ms_sentinel_shared_key:
+        print("MS_SENTINEL_WORKSPACE_ID and MS_SENTINEL_SHARED_KEY must be set.")
+        exit(1)
+    sentinel = Sentinel(ms_sentinel_workspace_id, ms_sentinel_shared_key)
+    sentinel.send_events(issue_data, "SocketSiemConnector")
+```
+
 ### Panther
 The Panther connector requires you to have an HTTP connector setup in the Panther UI. In this example I used a bearer token but this can be overriden by using custom headers if desired.
 
diff --git a/socketsync/__init__.py b/socketsync/__init__.py
@@ -2,7 +2,7 @@
 
 
 __author__ = "socket.dev"
-__version__ = "1.0.23"
+__version__ = "1.0.24"
 __all__ = ["log", "__version__", "columns", "default_headers"]
 
 log = logging.getLogger("socketdev")
