Configure Microsoft Sentinel

Configure Microsoft Sentinel

Configure Azure Sentinel

Microsoft Sentinel is a SIEM (Security Information and Event Management) and SOAR (Security Orchestrated Automated Response) solution of Microsoft. She permit alert detection, threat visibility, proactive hunting, and threat response.

Global Prerequisites

  • Azure Subscription : An Azure Subscription is needed for use Microsoft Sentinel. if you don’t have any subscription, you can create free account
  • .
  • Log Analytics workspace : You can create Log Analytics workspace when you configure Azure Sentinel. If you want create before, you can use this link.
  • Permission : Some permission has needed. For enable Microsoft Sentinel, contributor permissions to the subscription has needed. To use Microsoft Sentinel, user must be have contributor or reader permissions on the resource group

Microsoft Sentinel pricing

For the Microsoft Sentinel pricing, you can use this link.

Enable Microsoft Sentinel

From the Azure portal, search Azure sentinel in the search field. Click on Azure Sentinel.

Search Microsoft Sentinel in Azure portal

Click on Create Azure Sentinel.

Create Azure Sentinel

Log Analytics workspace must be created. Click on Create a new workspace for begin creation process.

Create a new workspace

Select a Resource group or create a new one. Enter the name and the region and click on Next.

Create a new workspace

Configure Tag and click on the button for create Log Analytics Workspace

Create a new workspace

Log Analytics Workspace has been created, click on Add for add Azure Sentinel to a workspace.

Add Sentinel to a new workspace

You can now configure Microsoft Sentinel.

Microsoft Sentinel can now be configured

Add an Azure AD connectors

For collect data, you need configure connectors. From the Microsoft Sentinel portal, click on Data connectors.

Click on dates a connectors for collect data

Enter Azure active directory in the search field and click on Azure Active Directory.

Search Azure Active Directory connector

Click on Open connector page for configure Azure Active Directory connector.

Configure connector

Select the desired log types and click on Apply Changes.

Select log type

After few minutes, data has been collected.

data has been collected

If you click on event, you can have more details.

Click on event for more details
View event

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.