Azure Sentinel Integration

💡

Azure Sentinel (now named Microsoft Sentinel) is a cloud-based security information and event management (SIEM) system developed by Microsoft. It helps organizations collect, analyze, and investigate security-related data from various sources, including cloud and on-premises environments.

Users can connect Azure Sentinel to Plerion so that Plerion alerts are delivered to Sentinel as incidents.

⚠️

Note: The Sentinel outbound integration is one-way. Alerts created or updated in Plerion are reflected in Sentinel, but changes made directly to the resulting Sentinel incidents (for example status, owner or closure) are not synced back to Plerion, so Plerion remains the source of truth for the alert itself.

Steps for adding a Sentinel Integration

  1. On the Plerion Dashboard, click Settings, then click Integrations.

  2. Click the '+' button on the Sentinel card.

  3. On the Connect Sentinel tab, provide a name for the integration and follow the instructions.

  4. On the Connect Sentinel tab, provide the Application ID, Directory ID, Secret and Subscription ID of the Entra ID (Azure AD) app registration that Plerion will use, then select Next. Grant that app registration only the rights it needs to create incidents in the target workspace, and record the secret's expiry date so it can be rotated before the integration stops working.

  5. On the Choose Workspace tab, select the workspace, the resource group and the severity of the incidents to be created in Sentinel.

  6. Select Send test message to check that the configuration is correct. The test message that is created has the following format.

  7. Select Add to add the Sentinel integration.
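The test message in step 6 only tells you that something failed, not whether the cause is the credentials entered in step 4 or the workspace chosen in step 5. The script below is an added example, not Plerion's code, that performs by hand the two Azure calls such a test depends on: a client-credentials token request to Entra ID with the Application ID, Directory ID and Secret, followed by a PUT of a new incident into the selected workspace through the Azure Resource Manager Incidents API. The environment variable names (`AZ_APP_ID`, `AZ_DIRECTORY_ID`, `AZ_CLIENT_SECRET`, `AZ_SUBSCRIPTION_ID`, `AZ_RESOURCE_GROUP`, `AZ_WORKSPACE`) are placeholders chosen for this example, and the `2023-02-01` API version is the stable Microsoft.SecurityInsights version this example assumes.

```python
"""Pre-flight check of the service principal entered on the Connect Sentinel tab.

Added example, not Plerion's code. It obtains a token for the app registration
and creates one incident in the chosen Sentinel workspace, so a credential or
RBAC problem (HTTP 401/403) can be told apart from a Plerion-side
configuration problem before the integration is saved.
"""
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request
import uuid

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)
ARM = "https://management.azure.com"
API_VERSION = "2023-02-01"  # assumed stable Microsoft.SecurityInsights API version
SEVERITIES = ("Informational", "Low", "Medium", "High")


def validate_ids(app_id, directory_id, subscription_id):
    """Application ID, Directory (tenant) ID and Subscription ID are all GUIDs.
    Returns the names of the fields that are not, so a paste error is caught early."""
    fields = (("Application ID", app_id), ("Directory ID", directory_id),
              ("Subscription ID", subscription_id))
    return [name for name, value in fields if not GUID_RE.match(value or "")]


def token_request(directory_id, app_id, secret):
    """URL and form body of the OAuth 2.0 client-credentials grant, scoped to
    Azure Resource Manager, which is the API Sentinel incident writes go through."""
    url = f"https://login.microsoftonline.com/{directory_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": secret,
        "scope": f"{ARM}/.default",
    })
    return url, body


def incident_request(subscription_id, resource_group, workspace, title,
                     severity, incident_id=None):
    """URL and JSON body of the Incidents - Create Or Update operation.
    The caller picks the incident ID (a GUID); a PUT to an unused ID creates it."""
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {SEVERITIES}")
    incident_id = incident_id or str(uuid.uuid4())
    url = (f"{ARM}/subscriptions/{subscription_id}"
           f"/resourceGroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
           f"?api-version={API_VERSION}")
    body = {"properties": {"title": title, "severity": severity, "status": "New"}}
    return url, body


def send_test_incident(app_id, directory_id, secret, subscription_id,
                       resource_group, workspace, severity="Informational"):
    """Run both requests against Azure and return the HTTP status of the PUT.
    201: incident created. 403: the app registration can authenticate but lacks
    incident write rights on this workspace. 401 (or a 400 from the token
    endpoint): the secret, tenant or application ID itself is wrong or expired."""
    url, body = token_request(directory_id, app_id, secret)
    try:
        with urllib.request.urlopen(urllib.request.Request(
                url, data=body.encode(), method="POST")) as resp:
            token = json.load(resp)["access_token"]
    except urllib.error.HTTPError as err:
        return err.code
    url, body = incident_request(subscription_id, resource_group, workspace,
                                 "Sentinel integration pre-flight test", severity)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Placeholder variable names; set them to the values you intend to enter in Plerion.
    cfg = {k: os.environ.get(k, "") for k in (
        "AZ_APP_ID", "AZ_DIRECTORY_ID", "AZ_CLIENT_SECRET",
        "AZ_SUBSCRIPTION_ID", "AZ_RESOURCE_GROUP", "AZ_WORKSPACE")}
    bad = validate_ids(cfg["AZ_APP_ID"], cfg["AZ_DIRECTORY_ID"], cfg["AZ_SUBSCRIPTION_ID"])
    if bad:
        raise SystemExit("not a GUID: " + ", ".join(bad))
    print("incident PUT returned HTTP", send_test_incident(
        cfg["AZ_APP_ID"], cfg["AZ_DIRECTORY_ID"], cfg["AZ_CLIENT_SECRET"],
        cfg["AZ_SUBSCRIPTION_ID"], cfg["AZ_RESOURCE_GROUP"], cfg["AZ_WORKSPACE"]))
```

A 201 from this script means the four values from step 4 and the workspace from step 5 fit together; a 403 means the role assignment is the problem, and the fix is a Sentinel-specific role that carries incident write rights (Microsoft Sentinel Responder does) scoped to the workspace's resource group, rather than Owner or Contributor on the whole subscription. Delete the pre-flight incident from Sentinel afterwards so it does not linger in the queue.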