CanomaDocs
Open Search
Browse docs sections

Connectors Setup

How to connect Sentinel, Splunk, and custom MCP services safely.

Connectors let you combine external threat intelligence with internal telemetry in one workflow. Start narrow, validate quality, then expand scope.

Supported Connector Types

Native Integrations

  • Microsoft Sentinel
  • Splunk

Custom MCP-Compatible Services

  • Approved services reachable through supported MCP interfaces.
  • Internal data stores made available through a managed MCP gateway.

Setup Sequence

  1. Define connector scope (datasets, users, environments).
  2. Configure credentials with least privilege.
  3. Run one low-risk test query and verify output shape.
  4. Restrict hosts and query breadth before wider rollout.

Safety Defaults

Access and Credential Hygiene

  • Use least-privilege API tokens.
  • Rotate connector secrets on schedule.
  • Use separate credentials per environment.

Network and Query Controls

  • Restrict allowed hosts for custom connectors.
  • Validate query scope before broad hunts.
  • Prefer bounded time windows during active triage.

Required Header

AuthorizationBearer tokenrequired

Required for protected connector calls.

Built with markdoc.dev.