Push Help Center
Ready to help
Help for administrators
Help for admins
Help for employees
Help for employees
Help for administrators
Documentation for administrators
1
Getting started
2
Administering Push
3
Add employees
4
Install the browser extension
5
Manage security controls
6
Manage SaaS accounts and apps
7
Connect to SIEM or SOAR
Ingesting events using Azure Monitor and Microsoft Sentinel
Ingesting events using Panther
Ingesting events using Datadog
Ingesting events using Cribl Cloud
Ingesting events using Tines
Send webhook events to Slack

Ingesting events using Azure Monitor and Microsoft Sentinel

In this section:

Configure Azure Monitor and Microsoft Sentinel to allow for ingesting Push webhook logs. Then you can use Microsoft Sentinel to perform analytics and to configure alerting.

Overview of setup steps:

  • Create a Log Analytics workspace in Sentinel if you haven’t already.

  • Retrieve relevant keys from Log Analytics workspace.

  • Complete the integration in the Push admin console.

Once the integration is complete, a log table will automatically be created within Sentinel.

Important! Do not create a custom log table, as this will cause the integration to fail.

Create a Log Analytics workspace

First, determine if you already have an existing Log Analytics workspace configured within Sentinel. If you have an existing workspace, you can skip the following steps 1-8. Go to the section titled Retrieve keys from Log Analytics workspace and start there.

If you don't have an existing workspace, you'll need to create one. Here's how.

1. Navigate to Log Analytics workspaces and click +Create.

2. Select or create a Resource group with the appropriate permissions.

3. Click Review + Create.

Sentinel - updated 2025 - step 1 - docs

4. Click Create.

5. Wait for the deployment to complete.

6. Next, you'll add the Log Analytics workspace to Sentinel by going to Sentinel, then select +Create.

7. Choose the Log Analytics workspace you just created.

8. Click Add.

Retrieve keys from Log Analytics workspace

Once the workspace has been created, you're ready to retrieve keys from Azure.

Within Azure, go to Log Analytics workspaces.

1. Select your workspace.

2. Then go to Settings > Agents > Log Analytics agent instructions.

3. Copy the Workspace ID and Primary key.

Sentinel - updated 2025 - step 2 - docs

Configure the integration in Push

Finally, you need to set up the Microsoft Sentinel integration in the Push admin console. Go to Settings > Integrations and choose Sentinel.

Input the Workspace ID and Primary key (Workspace key), and create a new log table name.

Important! Do not use an existing log table name. This will cause the integration to fail. A table will be created automatically when you create a new log table name.

Sentinel - updated 2025 - step 3 - docs

The new table will appear in Microsoft Sentinel under General > Logs within the new table you created. The table will automatically have “_CL” appended to it (e.g. PushSecurity_CL).

Need more help?
Questions, feedback, tech support, sales support - anything you need.
We’ll get back to you within a day.