# Sentinel Data Lake

## Overview <a href="#overview" id="overview"></a>

The Sentinel Data Lake integration allows you to connect Microsoft Sentinel, Defender, and Entra as a real-time security data stream and get continuous, context-aware insights for detection, investigation, and response.

With the Sentinel Data Lake integration, you can:

* Connect Microsoft Sentinel security events as a real-time data stream for continuous analysis and correlation.
* Correlate Sentinel security events with data across your cloud, identity, and SaaS environment.
* Investigate security events in real time with Sola's AI-powered reasoning.
* Support detection, investigation, and response with live security data from your Microsoft environment.

{% hint style="warning" %}
**Your data can only be retrieved, never modified.**

Once connected, your data is securely stored, and access is restricted to retrieving configurations and metadata only. Authentication methods ensure secure delegation of permissions while maintaining data integrity.
{% endhint %}

## Set up Sentinel Data Lake data source integration with Sola <a href="#set-up-wiz-data-source-integration-with-sola" id="set-up-wiz-data-source-integration-with-sola"></a>

{% columns %}
{% column width="58.333333333333336%" %}
Go to ***Integrations*** > [***Data Sources***](https://app.sola.security/integrations/data-sources) > click ***New data source*** > select ***Sentinel Data Lake***.

*The Sola wizard will take you through the steps.*
{% endcolumn %}

{% column width="41.666666666666664%" %} <a href="https://app.sola.security/integrations/data-sources?integration=sentinel_data_lake" class="button primary">Set up Sentinel Data Lake -></a>
{% endcolumn %}
{% endcolumns %}

To connect Sentinel Data Lake, you'll need an Azure user with:

* **Owner** or **User Access Administrator** role on the subscription, and
* **Application Administrator** or **Global Administrator** role in Azure AD.

You'll also need [**Azure Cloud Shell**](https://learn.microsoft.com/en-us/azure/cloud-shell/get-started) configured on your account.

{% tabs %}
{% tab title="Azure Cloud Shell" %}
This method uses Azure Cloud Shell to create an Azure Service Principal with read-only roles on your Sentinel workspace and output the credentials needed to complete the connection.
{% endtab %}
{% endtabs %}
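
To confirm that the Service Principal created in Cloud Shell really holds only read-only roles, you can audit its role assignments. The script below is an added example, not Sola's or Microsoft's code; it assumes you have saved the JSON output of `az role assignment list --assignee <app-id> --all` and `az role definition list`, and the role names, scope and permission lists in it are constructed placeholders.

```python
# Constructed sample data shaped like the JSON printed by
# `az role assignment list --assignee <app-id> --all` and `az role definition list`.
# Role names, scope and permission lists are placeholders, not Sola's actual roles.
SCOPE = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
ASSIGNMENTS = [
    {"roleDefinitionName": "Example Read Role", "scope": SCOPE},
    {"roleDefinitionName": "Example Query Role", "scope": SCOPE},
    {"roleDefinitionName": "Example Write Role", "scope": SCOPE},
]
DEFINITIONS = [
    {"roleName": "Example Read Role",
     "permissions": [{"actions": ["*/read"], "dataActions": []}]},
    {"roleName": "Example Query Role",
     "permissions": [{"actions": ["Microsoft.OperationalInsights/workspaces/*/read",
                                  "Microsoft.OperationalInsights/workspaces/analytics/query/action"],
                      "dataActions": []}]},
    {"roleName": "Example Write Role",
     "permissions": [{"actions": ["*/read", "Microsoft.Authorization/roleAssignments/write"],
                      "dataActions": []}]},
]


def classify(operation):
    """'read' for .../read, 'review' for POST-style .../action, else 'write'."""
    op = operation.lower()
    if op.endswith("/read"):
        return "read"
    if op.endswith("/action"):
        return "review"  # may be a query or a state change; needs a human look
    return "write"       # '*', '.../write', '.../delete', 'Provider/*'


def audit(assignments, definitions):
    """Return (role, scope, verdict, flagged operations) for each assignment."""
    by_name = {d["roleName"]: d for d in definitions}
    findings = []
    for a in assignments:
        role = by_name.get(a["roleDefinitionName"])
        if role is None:  # definition not supplied: cannot vouch for it
            findings.append((a["roleDefinitionName"], a["scope"], "unknown", []))
            continue
        ops = [op for p in role["permissions"]
               for key in ("actions", "dataActions") for op in p.get(key) or []]
        flagged = [op for op in ops if classify(op) != "read"]
        kinds = {classify(op) for op in flagged}
        verdict = "write" if "write" in kinds else "review" if kinds else "read-only"
        findings.append((a["roleDefinitionName"], a["scope"], verdict, flagged))
    return findings
```

The check ignores `notActions`, so it can over-report but never under-report what a role allows.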


