Azure Sentinel Integration

Azure Sentinel is a cloud-based security information and event management (SIEM) system developed by Microsoft. It helps organizations collect, analyze, and investigate security-related data from various sources, including cloud and on-premises environments.

Users can integrate Azure Sentinel with Plerion and receive Plerion alerts as Sentinel incidents.

Note: The Sentinel outbound integration is one-way only: alerts created or updated in Plerion are reflected in Sentinel, but changes made directly to Sentinel incidents are not synced back to Plerion.

Steps for adding a Sentinel Integration

  1. On the Plerion Dashboard, click on Tenant Settings and then click on Integrations.

  2. Click on the Outbound tab and click on the + button next to 'Sentinel'.

  3. On the 'Connect Sentinel' tab, provide a name for the integration and follow the instructions.

  4. On the 'Connect Sentinel' tab, provide the Application ID, Directory ID, Secret and Subscription ID. Select 'Next'.

  5. On the 'Choose Workspace' tab, select the workspace, resource group and severity of the incidents to be created in Sentinel.

  6. Select 'Send test message' to check that the configuration you selected is correct. The test message that is created has the following format.

  7. Select 'Add' to add the Sentinel integration.