Azure sentinel icon
7/25/2023

If using Azure Key Vault secrets for any of the values above, use the Identifier}) schema in place of the string values.

STEP 2 - Deploy the connector and the associated Azure Function App

Choose a deployment option

You'll find the relevant instructions together with those in the preceding paragraph. You may also need to configure logging or other settings on your source system. You can find details on the exact credentials you'll need, and links to your product's instructions for finding or creating them, on the data connector page in the portal and in the section for your service in the Microsoft Sentinel data connectors reference page. Copy and paste them into a text file for later.

STEP 1 - Get your source system's API credentials

Follow your source system's instructions to get its API credentials / authorization keys / tokens. See the section for your service in the Microsoft Sentinel data connectors reference page for links to instructions to create the Kusto function and alias. Some data connectors depend on a parser based on a Kusto Function to work as expected. Follow these instructions to use Azure Key Vault with an Azure Function App. Azure Key Vault provides a secure mechanism to store and retrieve key values. You can securely store workspace and API authorization keys or tokens in Azure Key Vault. For more information, see Discover and manage Microsoft Sentinel out-of-the-box content. Install the solution that contains your Azure Functions-based connector from the Content Hub in Microsoft Sentinel. You may also need other API information such as an endpoint URI.

For more information, see the documentation for the service you're connecting to and the section for your service in the Microsoft Sentinel data connectors reference page. You will also need credentials for accessing the product's API - either a username and password, a token, a key, or some other combination.
You must have read and write permissions on Azure Functions to create a Function App. You must have read permissions to shared keys for the workspace. You must have read and write permissions on the Microsoft Sentinel workspace. Make sure that you have the following permissions and credentials before using Azure Functions to connect Microsoft Sentinel to your data source and pull its logs into Microsoft Sentinel: For more information, see the Azure Functions pricing page. Using Azure Functions to ingest data into Microsoft Sentinel may result in additional data ingestion costs. For more information, see Integrate Azure Data Explorer. Once ingested into Microsoft Sentinel, data is stored in the geographic location of the workspace in which you're running Microsoft Sentinel.

For long-term retention, you may also want to store data in Azure Data Explorer.