
Azure sentinel integrations









Organizations are increasingly turning to cloud-based SIEM solutions. It makes total sense: bandwidth is plentiful, storage in the cloud is cheap, sizing is no longer a concern before you begin, and the compute for intense queries is abstracted away from users. Engineers and analysts are finally able to get the most out of their data without spending more than half their days just keeping it working, and I've been there dealing with influxes of logs and rolling database tables every two days!

In 2019, Microsoft announced Azure Sentinel, and it has since grown exponentially in capability and community. The ability to flip a switch and have a detection platform that incorporates some of the most valuable data in the Azure ecosystem, like Microsoft 365, is unmatched. Azure Sentinel proves itself to small businesses and data-heavy organizations alike.

Tines is a no-code automation platform that helps security teams get the most out of Azure Sentinel. In this blog we'll discuss working with alerts generated by detections, querying the Log Analytics backend of Azure Sentinel with data from other sources, and adding threat intelligence indicators using Azure Sentinel's watchlist.

Our love (there's a small bit of fist-shaking in there too) for the Microsoft Graph API runs deep. It provides a single point of interaction for a large majority of Microsoft cloud services. Step one in interacting with it is always getting the correct permissions for access. We've written previously about how to set up authentication to Microsoft resources ( ). This will follow the same process, except we will need to include the additional delegated API scopes for everything we'll go over:

Microsoft Graph's - used for setting up the alerts webhook and reading alerts.
Microsoft Graph's - used for creating threat indicators in Azure Sentinel.
Microsoft Graph's offline_access - provides long-lasting OAuth access by issuing a refresh token.
Log Analytics API's Data.Read - used for querying Log Analytics data.

The first step of many drive-by questions or reactions to intelligence is to ask the SIEM what it knows. It's a typical workflow that we see implemented no matter what the SIEM is, and one that lends itself to using the Send to Story action in Tines.
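An added example, not code from the original post or from Tines, of the permission setup the post describes and of that first "ask the SIEM what it knows" step: one v2.0 consent request carrying the Log Analytics Data.Read, offline_access and Graph scopes; the refresh token then redeemed once per resource, because a Microsoft identity platform access token is issued for a single resource; an untrusted indicator quoted safely into KQL; and the Log Analytics query API response flattened into rows. The tenant, client and workspace ids, the Graph scope name Placeholder.Read and the sample response are constructed placeholders (the post does not name its Graph scopes), so the block runs offline.

```python
"""Added example (not from the original post or from Tines): request the
delegated scopes in one consent prompt, redeem the refresh token per resource,
and ask the Log Analytics workspace what it knows about an indicator.
Ids, the Graph scope name and the sample response are constructed placeholders."""
import re
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"
LOG_ANALYTICS = "https://api.loganalytics.io"
GRAPH = "https://graph.microsoft.com"


def consent_url(tenant, client_id, redirect_uri, state, graph_scopes):
    """Authorization-code request. v2.0 scopes are resource-qualified, so the
    Log Analytics and Graph permissions can be consented to in one prompt.
    The post does not name the Graph scopes; pass the ones granted to your app."""
    scopes = [f"{LOG_ANALYTICS}/Data.Read", "offline_access"]  # offline_access yields a refresh token
    scopes += [f"{GRAPH}/{s}" for s in graph_scopes]
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,  # bind the callback to this session; verify it on return
    }
    return f"{AUTHORITY.format(tenant=tenant)}/authorize?{urlencode(params)}"


def scope_list(url):
    """Scopes requested by a consent URL (handy for checking what was asked for)."""
    return parse_qs(urlparse(url).query)["scope"][0].split(" ")


def refresh_request(tenant, client_id, refresh_token, resource, permissions):
    """An access token covers one resource (audience), so the single refresh
    token is redeemed once for Log Analytics and once for Graph."""
    body = {
        "client_id": client_id,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(f"{resource}/{p}" for p in permissions),
    }
    return f"{AUTHORITY.format(tenant=tenant)}/token", body


def token_is_fresh(token, now, skew=300):
    """Treat a cached token as expired `skew` seconds early to avoid 401s mid-story."""
    return token["expires_at"] - skew > now


def kql_string(value):
    """Quote an untrusted value (an IOC from a ticket or feed) as a KQL string literal."""
    if re.search(r"[\x00-\x1f]", value):
        raise ValueError("control characters are not allowed in an indicator")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def lookup_query(table, column, indicators):
    """KQL that asks the workspace what it knows about a set of indicators."""
    values = ", ".join(kql_string(i) for i in indicators)
    return (f"{table}\n| where {column} in ({values})\n"
            f"| summarize hits=count(), last_seen=max(TimeGenerated) by {column}")


def query_request(workspace_id, kql, timespan="P7D"):
    """URL and POST body for the query API: /v1/workspaces/{id}/query with an ISO-8601 timespan."""
    return f"{LOG_ANALYTICS}/v1/workspaces/{workspace_id}/query", {"query": kql, "timespan": timespan}


def rows_as_dicts(response):
    """Flatten the API's tables/columns/rows shape into dicts keyed by column name."""
    out = []
    for table in response["tables"]:
        names = [c["name"] for c in table["columns"]]
        out.extend(dict(zip(names, row)) for row in table["rows"])
    return out


# Constructed sample response in the query API's shape (not real data).
SAMPLE_RESPONSE = {
    "tables": [{
        "name": "PrimaryResult",
        "columns": [{"name": "SourceIP", "type": "string"},
                    {"name": "hits", "type": "long"},
                    {"name": "last_seen", "type": "datetime"}],
        "rows": [["203.0.113.7", 4, "2023-04-01T10:12:00Z"]],
    }]
}

if __name__ == "__main__":
    # Placeholder ids; "Placeholder.Read" stands in for the Graph scopes the post leaves unnamed.
    print(consent_url("TENANT-ID", "CLIENT-ID", "https://example.invalid/cb", "s1", ["Placeholder.Read"]))
    print(lookup_query("CommonSecurityLog", "SourceIP", ["203.0.113.7"]))
    print(rows_as_dicts(SAMPLE_RESPONSE))
```

The consent URL is visited once by a user; the story keeps only the refresh token and calls refresh_request with the resource it is about to talk to, checking token_is_fresh before each run so a token that expires mid-story does not surface as a 401. kql_string matters because the indicator usually arrives from a ticket or a feed: quoting and escaping it keeps a crafted value from rewriting the query.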










