Configure Microsoft Sentinel
Microsoft Sentinel is Microsoft's SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution. It provides alert detection, threat visibility, proactive hunting, and threat response.
Global Prerequisites
- Azure subscription: an Azure subscription is needed to use Microsoft Sentinel. If you don't have one, you can create a free account.
- Log Analytics workspace: you can create the Log Analytics workspace while configuring Azure Sentinel. If you want to create it beforehand, you can use this link.
- Permissions: to enable Microsoft Sentinel, you need contributor permissions on the subscription. To use Microsoft Sentinel, the user must have contributor or reader permissions on the resource group.
Microsoft Sentinel pricing
For Microsoft Sentinel pricing, you can use this link.
Enable Microsoft Sentinel
From the Azure portal, type Azure Sentinel in the search field and click on Azure Sentinel.
Click on Create Azure Sentinel.
A Log Analytics workspace must be created first. Click on Create a new workspace to begin the creation process.
Select a resource group or create a new one. Enter the name and the region and click on Next.
Configure tags and click on the button to create the Log Analytics workspace.
Once the Log Analytics workspace has been created, click on Add to add Azure Sentinel to the workspace.
You can now configure Microsoft Sentinel.
Add an Azure AD connector
To collect data, you need to configure connectors. From the Microsoft Sentinel portal, click on Data connectors.
Enter Azure Active Directory in the search field and click on Azure Active Directory.
Click on Open connector page to configure the Azure Active Directory connector.
Select the desired log types and click on Apply Changes.
After a few minutes, data is collected.
If you click on an event, you get more details.
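The same two procedures (enabling Sentinel on a new workspace, then connecting Azure AD sign-in and audit logs) can be scripted so they are repeatable and reviewable. The script below is an added example and not part of the original post; it assumes an already logged-in Azure CLI, the `sentinel` CLI extension (`az extension add --name sentinel`), and that the Azure AD connector is, under the hood, a tenant-level diagnostic setting on the `microsoft.aadiam` provider written with `az rest` (api-version `2017-04-01-preview`). The resource group, workspace, region and setting names are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example: automate the portal steps with the Azure CLI.
# Assumptions: "az login" already done; "sentinel" extension installed;
# writing the Azure AD diagnostic setting also needs an Azure AD role
# (for example Security Administrator) on top of the Azure RBAC rights above.
set -eu

AZ_CMD="${AZ_CMD:-az}"   # set AZ_CMD=echo to dry-run and just print the calls

# Steps "Create a new workspace": resource group + Log Analytics workspace
create_workspace() {
  rg="$1"; ws="$2"; region="$3"
  "$AZ_CMD" group create --name "$rg" --location "$region" --output none
  "$AZ_CMD" monitor log-analytics workspace create \
      --resource-group "$rg" --workspace-name "$ws" --location "$region" --output none
}

# Step "Add": onboard Microsoft Sentinel onto the workspace
enable_sentinel() {
  rg="$1"; ws="$2"
  "$AZ_CMD" sentinel onboarding-state create --name default \
      --resource-group "$rg" --workspace-name "$ws" --output none
}

# Build the diagnostic-setting body for the requested Azure AD log categories
# (e.g. SignInLogs AuditLogs). Pure function: no Azure call, easy to inspect.
aad_diag_body() {
  workspace_id="$1"; shift
  logs=""
  for category in "$@"; do
    logs="${logs:+$logs,}{\"category\":\"$category\",\"enabled\":true,\"retentionPolicy\":{\"enabled\":false,\"days\":0}}"
  done
  printf '{"properties":{"workspaceId":"%s","logs":[%s]}}' "$workspace_id" "$logs"
}

# Step "Open connector page / Apply Changes": the Azure AD connector is a
# tenant-scoped diagnostic setting that points at the workspace resource id.
connect_aad_logs() {
  rg="$1"; ws="$2"; setting_name="$3"; shift 3
  ws_id=$("$AZ_CMD" monitor log-analytics workspace show \
      --resource-group "$rg" --workspace-name "$ws" --query id --output tsv)
  body=$(aad_diag_body "$ws_id" "$@")
  "$AZ_CMD" rest --method put \
      --url "https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/${setting_name}?api-version=2017-04-01-preview" \
      --body "$body" --output none
}

# Run end to end only when invoked with "run"; otherwise only define functions.
if [ "${1:-}" = "run" ]; then
  create_workspace "rg-sentinel-demo" "law-sentinel-demo" "westeurope"
  enable_sentinel "rg-sentinel-demo" "law-sentinel-demo"
  connect_aad_logs "rg-sentinel-demo" "law-sentinel-demo" "to-sentinel" SignInLogs AuditLogs
fi
```

Run it as `sh enable-sentinel.sh run`, or `AZ_CMD=echo sh enable-sentinel.sh run` first to review every CLI call before anything is created. Keeping `aad_diag_body` separate lets you check exactly which log categories are being enabled (only SignInLogs and AuditLogs here, which is what the connector page exposes), so the workspace ingests what was reviewed and nothing more.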