Today Microsoft launched its born-in-the-cloud SIEM-as-a-service, Azure Sentinel. Being interested in security and all things Azure, I thought I would investigate the service (it is free while it is in preview). All up, it takes about two minutes to add the service and connect it to an existing Log Analytics workspace. Luckily I already have one in my subscription that I log everything to. If you don't have a Log Analytics workspace you will need to create one, but like most Azure portal deployments you can do so during the deployment process.
Below is a step-by-step walkthrough of how I on-boarded the service.
Log in to the Azure portal with an account that has Global Admin access. (Global Admin is an Azure AD directory role; what the onboarding actually needs is Azure RBAC write access, for example Contributor, on the subscription or resource group that holds the workspace, so a less privileged account will do.) Search for Azure Sentinel, then click on the service that gets listed.
Click on the “Connect workspace” button.
Select a workspace if you already have one, or use the option to create one. Click on the “Add Azure Sentinel” button.
You should see the following message while the service is being added.
About a minute later it will notify you that it has successfully added Azure Sentinel to the workspace.
Refresh the Azure Sentinel blade and you should see your workspace displayed.
Click on the workspace.
That is it!
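The same onboarding can be done without clicking through the portal, which is handy for repeatable deployments and for keeping the account doing it at least privilege. The script below is an added example written for this post, not Microsoft's code and not something from the original walkthrough; it uses the Az PowerShell module, and the resource group, workspace name and region are placeholders. It checks that the signed-in account has Contributor or Owner on the resource group (rather than assuming Global Admin), creates the Log Analytics workspace if it does not exist, then enables Azure Sentinel by creating the SecurityInsights solution resource on that workspace, which is what the “Add Azure Sentinel” button does behind the scenes.

```powershell
# Added example (not from the original post): onboard Azure Sentinel onto a
# Log Analytics workspace with the Az PowerShell module.
# Placeholder names below are assumptions; change them for your subscription.
$ResourceGroup = 'rg-security'
$WorkspaceName = 'la-security-prod'
$Location      = 'australiaeast'

# Connect-AzAccount   # interactive sign-in; omit if a context already exists

# 1. Least-privilege check. Onboarding needs Azure RBAC write access to the
#    workspace's resource group; Owner or Contributor is enough. Global Admin
#    is an Azure AD directory role and is not what the deployment checks.
$ctx   = Get-AzContext
$roles = Get-AzRoleAssignment -ResourceGroupName $ResourceGroup `
             -SignInName $ctx.Account.Id -ErrorAction SilentlyContinue
if (-not ($roles.RoleDefinitionName -match '^(Owner|Contributor)$')) {
    # A custom role with Microsoft.OperationsManagement/solutions/write and
    # Microsoft.OperationalInsights/workspaces/write would also work.
    Write-Warning "$($ctx.Account.Id) has no Owner/Contributor assignment on $ResourceGroup; the deployment will likely fail."
}

# 2. Create the Log Analytics workspace only if it does not already exist.
$ws = Get-OperationalInsightsWorkspaceSafe
function Get-OperationalInsightsWorkspaceSafe {
    Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup `
        -Name $WorkspaceName -ErrorAction SilentlyContinue
}
if (-not $ws) {
    $ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup `
              -Name $WorkspaceName -Location $Location -Sku 'PerGB2018'
}

# 3. Enable Azure Sentinel. The portal button creates an OMS solution named
#    SecurityInsights(<workspace>) with the Microsoft SecurityInsights plan.
$solutionName = "SecurityInsights($WorkspaceName)"
New-AzResource -ResourceType 'Microsoft.OperationsManagement/solutions' `
    -ResourceName $solutionName `
    -ResourceGroupName $ResourceGroup `
    -Location $ws.Location `
    -ApiVersion '2015-11-01-preview' `
    -Properties @{ workspaceResourceId = $ws.ResourceId } `
    -Plan @{
        name          = $solutionName
        publisher     = 'Microsoft'
        product       = 'OMSGallery/SecurityInsights'
        promotionCode = ''
    } `
    -Force | Out-Null

# 4. Verify: the solution resource should now exist in the resource group.
Get-AzResource -ResourceGroupName $ResourceGroup `
    -ResourceType 'Microsoft.OperationsManagement/solutions' `
    -Name $solutionName |
    Select-Object Name, Location, ResourceId
```

One note on the check in step 1: Get-AzRoleAssignment with -SignInName matches user accounts; if the onboarding runs as a service principal, pass its object ID with -ObjectId instead. Step 3 is idempotent, so re-running the script against a workspace that already has Sentinel simply returns the existing solution.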
More information can be found on the Azure Sentinel product page: https://azure.microsoft.com/en-us/services/azure-sentinel/