Add Microsoft Sentinel to EPM

  1. Select Configuration, and then select SIEM Settings.
  2. Select Enable SIEM Integration to turn on the feature.
  3. From the Integration Type list, select Sentinel.
  4. Enter the details for your Sentinel configuration:
    • Workspace ID: Enter the Sentinel workspace ID. In Sentinel, the workspace ID is located in this path: Settings > Workspace Settings > Agents Management.
    • Workspace Key: Enter the primary key. In Sentinel, the workspace key is located in this path: Settings > Workspace Settings > Agents Management.
    • Custom Log Table Name: Enter the name of the custom log table. The table is listed under the Custom Logs category in Azure Sentinel. A _CL suffix is automatically appended to the custom log table name. If the table name does not exist, a custom log is created.
  5. Select the data format: CIM - Common Information Model or ECS - Elastic Common Schema.
  6. Click Validate Settings to test the connection to Sentinel.
  7. Click Save Settings.
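
The following pre-check is an added example, not part of EPM or of the original procedure. It assumes the Workspace ID and primary key are used as in the Azure Monitor HTTP Data Collector API (the page does not state which ingestion API EPM uses); the function names, the table name EPMEvents and the sample values are hypothetical. It checks the three values for paste errors before you click Validate Settings and shows how that API signs a request with the key.

```python
import base64
import hashlib
import hmac
import re
from email.utils import formatdate

GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
TABLE_RE = re.compile(r"[A-Za-z0-9_]{1,100}")  # Data Collector API Log-Type rule

# Constructed sample values, not real credentials.
SAMPLE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(bytes(64)).decode()

def check_settings(workspace_id, workspace_key, table_name):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    if not GUID_RE.fullmatch(workspace_id):
        problems.append("Workspace ID is not a GUID")
    try:
        base64.b64decode(workspace_key, validate=True)
    except ValueError:  # binascii.Error: stray whitespace or truncated paste
        problems.append("Workspace Key is not valid base64")
    if not TABLE_RE.fullmatch(table_name):
        problems.append("Table name must be 1-100 letters, digits or underscores")
    if table_name.upper().endswith("_CL"):
        problems.append("Omit _CL; the suffix is appended automatically")
    return problems

def build_headers(workspace_id, workspace_key, table_name, body, date=None):
    """Build the signed headers for POST /api/logs (body is the JSON payload as bytes)."""
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    digest = hmac.new(base64.b64decode(workspace_key),
                      to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode()
    return {
        "Authorization": f"SharedKey {workspace_id}:{signature}",
        "Content-Type": "application/json",
        "Log-Type": table_name,  # the service stores records in <table_name>_CL
        "x-ms-date": date,
    }

if __name__ == "__main__":
    print(check_settings(SAMPLE_ID, SAMPLE_KEY, "EPMEvents"))
    print(build_headers(SAMPLE_ID, SAMPLE_KEY, "EPMEvents", b'[{"event":"test"}]'))
```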