Microsoft Sentinel
Set Up Integration between Microsoft Sentinel and the Platform
Microsoft Sentinel is a cloud-native SIEM and SOAR solution running in Microsoft Azure. You can integrate Microsoft Sentinel with the Delinea Platform via a webhook: the Platform posts events to the HTTP trigger URL of an Azure Logic App, and the Logic App delivers them to the Log Analytics workspace that Sentinel is attached to.
Prerequisites
Ensure you have all required accounts and utilities before starting the integration:
- An Azure subscription
- Access to the Azure portal, with permission to create resources in the subscription
- A Log Analytics workspace
Create Log Analytics Workspace
- In the Azure portal, create a Log Analytics workspace (or open an existing one).
- Open the workspace and click Agents under "Settings".
- Click the arrow icon to expand the Log Analytics agent instructions.
- Copy the Workspace ID and keep it for later. (The Workspace ID is also shown on the workspace Overview page.)
Configuring Microsoft Sentinel
Configuring Microsoft Sentinel for this integration requires creating an Azure Logic App with an HTTP trigger and adding Microsoft Sentinel to your Log Analytics workspace.
Creating a Logic App in Microsoft
1. Log in to the Azure portal.
2. In the Azure services section, click Create a resource.
3. Search for "Logic App" and select it.
4. Click Create.
5. Fill in the required information for your Logic App and click Review + Create.
NOTE: The Consumption plan bills per execution and is sufficient for this integration; the Standard plan runs on dedicated hosting and is the choice when you need that capacity or its additional features.
Once the deployment is done, your Logic App is created in Microsoft.
Setting up the HTTP Trigger
1. Click Logic app designer under the "Development Tools" section of the Logic App.
2. In the designer, click Add trigger.
3. In the Add trigger window, search for "HTTP" and select "When an HTTP request is received." This trigger is the endpoint your custom application calls via its API.
4. Save the workflow, then copy the HTTP POST URL that the trigger displays and store it securely. The URL embeds a shared access signature (the sig query parameter): anyone who holds the full URL can invoke the workflow, so treat it as a credential. If it is ever exposed, regenerate the key under the Logic App's Access keys, which invalidates the old URL.
5. Each workflow has exactly one trigger. If you need separate endpoints for different kinds of events, create additional workflows, each with its own trigger URL.
Add Microsoft Sentinel to your workspace
- In the Azure portal, go to Microsoft Sentinel and click Create.
- Select the Log Analytics workspace you created above (or create one) and click Add.
Conclusion
Following these steps, you will have an HTTP trigger that feeds Microsoft Sentinel. Store the trigger URL securely (for example, in a secrets manager rather than in a ticket or chat message); it is required for the integration and carries the signature that authorizes calls to the workflow.
In the Platform (Bolster Platform):
1. Log in to the Platform.
2. Navigate to Automation:
   - Click the Integration tab, then go to Microsoft Sentinel.
3. Create a new connector:
   - In the Microsoft Sentinel Connector popup, enter a name for the connector.
4. Enter the Logic App HTTP URL:
   - In the URL field, paste the HTTP POST URL you copied from the trigger setup.
5. Test and save the connector:
   - Click Test Connector to confirm that the Platform can reach the trigger.
   - Once the test succeeds, click Save.
By following these steps, you set up a connection that sends data from the Platform to Microsoft Sentinel. The integration delivers automated data transfers and notifications directly into your Microsoft Sentinel environment.
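The following script is an added example, not code from the page or from the Platform, that shows what the connector test above amounts to from the sending side: it posts a JSON event to the Logic App trigger URL while treating that URL as a secret. The URL shape it checks (an https Logic Apps host, a /triggers/ path and a sig query parameter) matches what the "When an HTTP request is received" trigger generates; the environment variable name, the event schema and the sample URL in the test are assumptions made for illustration.

```python
"""Send a test event to a Microsoft Sentinel Logic App HTTP trigger.

Added example (not the Platform's own code). Assumptions: the trigger URL is
supplied in the SENTINEL_TRIGGER_URL environment variable, the Logic App accepts
a JSON body, and the event schema below is constructed for illustration.
"""
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

# A trigger URL looks like
#   https://prod-NN.<region>.logic.azure.com:443/workflows/<id>/triggers/manual/
#   paths/invoke?api-version=2016-10-01&sp=...&sv=1.0&sig=<shared-access-signature>
# The sig parameter is the credential: whoever holds the full URL can fire the workflow.
SECRET_PARAMS = {"sig"}
LOGIC_APP_HOST_SUFFIXES = (".logic.azure.com", ".azurewebsites.net")  # Consumption / Standard


def validate_trigger_url(url: str) -> list[str]:
    """Return a list of problems with the URL; an empty list means it looks usable."""
    parts = urlparse(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    problems = []
    if parts.scheme != "https":
        problems.append("trigger URL must use https")
    if not (parts.hostname or "").endswith(LOGIC_APP_HOST_SUFFIXES):
        problems.append("host is not a Logic Apps endpoint")
    if "/triggers/" not in parts.path:
        problems.append("path does not look like a trigger endpoint")
    if "sig" not in query:
        problems.append("missing sig (shared access signature) query parameter")
    return problems


def redact_url(url: str) -> str:
    """Mask the shared access signature before the URL goes into logs or errors."""
    parts = urlparse(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunparse(parts._replace(query=urlencode(pairs)))


def build_event(alert_id: str, severity: str, description: str) -> dict:
    """Constructed sample event; the Platform's real payload schema is not on this page."""
    return {
        "source": "platform-playbook",
        "alert_id": alert_id,
        "severity": severity,
        "description": description,
    }


def send_event(url: str, event: dict, timeout: float = 10.0) -> int:
    """POST the event as JSON and return the HTTP status code.

    A Logic App HTTP trigger with no Response action answers 202 Accepted, so
    anything outside 2xx means the URL or the workflow is misconfigured.
    """
    problems = validate_trigger_url(url)
    if problems:
        raise ValueError("refusing to send to %s: %s" % (redact_url(url), "; ".join(problems)))
    body = json.dumps(event).encode("utf-8")
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        # Log only the redacted URL; the full URL would leak the signature into the log.
        print("trigger rejected request (%d) at %s" % (exc.code, redact_url(url)), file=sys.stderr)
        return exc.code


if __name__ == "__main__":
    trigger_url = os.environ.get("SENTINEL_TRIGGER_URL")
    if not trigger_url:
        sys.exit("set SENTINEL_TRIGGER_URL to the Logic App trigger URL (never hardcode it)")
    status = send_event(trigger_url, build_event("TEST-0001", "high", "connector test event"))
    print("status:", status)
```

Run it with the trigger URL in the environment; a 202 response confirms the trigger fired, and the run then appears in the Logic App's Run history. Keeping the URL out of source and out of log lines matters because the signature in it is the only thing standing between an outsider and the ability to push arbitrary events into your Sentinel workspace.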
Verify the data from the Platform in Microsoft Sentinel
1. Create an automation playbook in the Platform by clicking "NEW PLAYBOOK".
2. Provide all the necessary details in the form.
3. In the Define connectors section of the form, choose the connector you created above.
4. Run the playbook.
5. Observe the result in Microsoft Sentinel. If nothing arrives, open the Logic App's Run history first: a run there confirms the trigger fired and narrows the problem to the workflow's actions, while no run points at the connector URL.