Microsoft Sentinel integration is available for organizations with Password Management or Credential Protection.
With our Microsoft Sentinel integration, you can track how your team members use Dashlane. When you turn on the integration for your team, we send your activity logs automatically to Microsoft Sentinel.
Microsoft Sentinel is a security information and event management (SIEM) tool that allows you to monitor team activity in real time. You can search and filter events like added devices, login sharing, and invitations to your Dashlane plan. You can also set up alerts for specific events, like when someone shares a login.
Set up the Microsoft Sentinel integration for your team
- Log in to your Microsoft Sentinel Enterprise account.
- Configure the Logs ingestion API to send data to Azure Monitor Logs.
- Open the Admin Console in Dashlane. Select Integrations, then Events Reporting, and select Set up in the Microsoft Sentinel section.
- Go back to the Microsoft Entra admin center and select Identity, Applications, App registrations.
- After selecting the application you created, you'll see both the Application (client) ID and the Directory (tenant) ID, so you can copy those values and paste them in their respective fields in the setup page in the Dashlane Admin Console.
- Next, you can paste the Secret value you copied when you first created the new application in Microsoft Sentinel.
- After this, go to the Azure portal, select Monitor, Data Collection Rules, select the Data Collection Rule (DCR) you created, and paste it into the respective field in the Admin Console.
- The Stream name field in the Admin Console setup page will be the name of the custom table you created in the Azure portal, with the suffix _CL. Example: DashlaneAudit_CL
- In the Azure portal go to Monitor, Settings, Data Collection Endpoints, select Dashlane's Endpoint, Logs Ingestion.
- There you'll see the logs ingestion endpoint, so you can copy and paste it into the respective field in the Admin Console.
- Before saving, we recommend selecting the Enable OCSF mapping for Microsoft Sentinel beta option to immediately standardize logs in Microsoft Sentinel without manually mapping fields.
- Turn on Activate Microsoft Sentinel Integration. Events in your Activity Log will appear in Microsoft Sentinel after five minutes.
After setting up your integration, you can use Microsoft Sentinel to track the events listed in the Activity Log in your Dashlane Admin Console.
Note: Your Microsoft Sentinel integration won't log any previous events. Only new events will be tracked after the setup.
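A pre-flight check for the values collected in the setup steps above, as an added example that is not Dashlane's or Microsoft's code. It assumes the DCR field takes the rule's immutable ID (dcr- plus 32 hex characters) and an Azure public cloud ingestion endpoint; the dictionary key names are hypothetical.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DCR_ID = re.compile(r"^dcr-[0-9a-f]{32}$")          # assumption: field takes the immutable ID
TABLE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*_CL$")   # custom table name with the _CL suffix


def check_settings(s):
    """Return a list of problems in the values destined for the Admin Console."""
    problems = []
    for key in ("tenant_id", "client_id"):
        if not GUID.match(s.get(key, "")):
            problems.append(f"{key}: not a GUID")
    secret = s.get("client_secret", "")
    if not secret:
        problems.append("client_secret: empty")
    elif GUID.match(secret):
        # Entra shows a Secret ID (a GUID) beside the Secret value; only the value works.
        problems.append("client_secret: looks like the Secret ID, not the Secret value")
    if not DCR_ID.match(s.get("dcr_id", "")):
        problems.append("dcr_id: expected dcr- plus 32 hex characters")
    if not TABLE.match(s.get("stream_name", "")):
        problems.append("stream_name: expected the custom table name ending in _CL")
    url = urlparse(s.get("endpoint", ""))
    host = url.hostname or ""
    if url.scheme != "https" or not host.endswith(".ingest.monitor.azure.com"):
        problems.append("endpoint: expected https://<name>.<region>.ingest.monitor.azure.com")
    return problems


def redacted(s):
    """Copy of the settings that is safe to paste into a ticket or chat."""
    return {k: ("***" if k == "client_secret" else v) for k, v in s.items()}


# Constructed sample values, not real identifiers.
SAMPLE = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed-secret-value",
    "dcr_id": "dcr-" + "0a" * 16,
    "stream_name": "DashlaneAudit_CL",
    "endpoint": "https://dashlane-ab12.westeurope-1.ingest.monitor.azure.com",
}

if __name__ == "__main__":
    print(check_settings(SAMPLE) or "all values look well-formed")
    print(redacted(SAMPLE))
```

The check only validates the shape of each value; it does not contact Azure or confirm that the app registration has permission on the Data Collection Rule.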
Use Activity Logs to track team activity
Beta: OCSF (Open Cybersecurity Schema Framework) export format
OCSF (Open Cybersecurity Schema Framework) is an open-source standard designed to provide a common language for security events. It creates a unified structure that allows different security tools to share data without the need for custom, proprietary mapping.
Mapping Dashlane logs to this standard before sending them to Microsoft Sentinel offers several key advantages for security teams:
- Without OCSF, Dashlane currently sends raw, unformatted event data, often requiring admins to spend hours developing custom parsers to process it.
- Standardized OCSF data allows security tools to ingest and analyze Dashlane logs immediately. This accelerates an organization's ability to build custom rules, reports, and dashboards in its security environment.
- OCSF allows significantly faster setup of subsequent security tool integrations.
- Standardizing log formats prepares security data for emerging AI-driven "agentic" workflows. By using OCSF, Dashlane logs can be easily accessed by AI security assistants.
For more information on tracking events in Microsoft Sentinel, check out Microsoft’s documentation website.
Microsoft Sentinel documentation
If you have any issues with this process, please contact our Support team through the Admin Console.