Getting set up
Create the environment in Azure
Log in to your Azure account > search "log analytics" > click Log Analytics workspaces.
Click Create.
Set the Subscription name (environment within Azure), Resource group (container of resources within this subscription), Instance (whatever you want to call this analytics workspace) and Region > click Review + Create.
Once you've reviewed everything > click Create
This will take you back to Log Analytics workspaces, where you'll click the one you're interested in.
Head to Settings > Agents > copy the Workspace ID and Primary key.
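A pre-flight check for the two values copied above, added here as an example (not Intruder's or Microsoft's code): it catches swapped, truncated or whitespace-padded values before they are pasted into the integration, and shows why the Primary key should be handled as a secret. The signing function assumes the key is used as in Azure Monitor's HTTP Data Collector API, which this page does not confirm; the sample ID and key are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import uuid

# Constructed sample values, not real credentials.
SAMPLE_WORKSPACE_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_PRIMARY_KEY = base64.b64encode(bytes(range(64))).decode()


def check_credentials(workspace_id: str, primary_key: str) -> list:
    """Return a list of problems; an empty list means both values are well-formed."""
    problems = []
    if workspace_id != workspace_id.strip() or primary_key != primary_key.strip():
        problems.append("surrounding whitespace from copy and paste")
    wid, key = workspace_id.strip(), primary_key.strip()
    try:
        # The Workspace ID is a GUID; reject braces, missing hyphens, etc.
        if str(uuid.UUID(wid)) != wid.lower():
            problems.append("Workspace ID is not in canonical GUID form")
    except ValueError:
        problems.append("Workspace ID is not a GUID (fields swapped?)")
    try:
        # The Primary key is base64; strict decoding rejects stray characters.
        if not base64.b64decode(key, validate=True):
            problems.append("Primary key is empty")
    except binascii.Error:
        problems.append("Primary key is not valid base64 (truncated or swapped?)")
    return problems


def shared_key_header(workspace_id: str, primary_key: str, body: bytes, date: str) -> str:
    """Build the Authorization header the HTTP Data Collector API expects.

    The Primary key is the HMAC-SHA256 key, so whoever holds it can write
    log records into the workspace.
    """
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    mac = hmac.new(base64.b64decode(primary_key), to_sign.encode("utf-8"), hashlib.sha256)
    return f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode()}"


if __name__ == "__main__":
    print(check_credentials(SAMPLE_WORKSPACE_ID, SAMPLE_PRIMARY_KEY))  # well-formed
    print(check_credentials(SAMPLE_PRIMARY_KEY, SAMPLE_WORKSPACE_ID))  # swapped fields
    print(shared_key_header(SAMPLE_WORKSPACE_ID, SAMPLE_PRIMARY_KEY,
                            b'[{"example": "constructed"}]', "Mon, 01 Jan 2024 00:00:00 GMT"))
```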
Enable the integration in Intruder
Head to the Integrations page > scroll down to Microsoft Sentinel > click + Add.
You'll then be presented with a modal. Once you've entered the details > click Connect.
And finally, hit Complete setup and you're good to go!
FAQs
Will I know if there is an issue with my credentials?
Yes, we'll show an error message, so you'll know immediately.
What information will be sent to Sentinel?
We'll send a log containing the following (plus more) every time we find a new or fixed issue:
Data | What you see in Sentinel |
Account name | IntruderAccountName_s |
Target address | targets.address |
Target type | targets.type |
Issue title | vulnerability.title |
Issue description | vulnerability.description |
Remediation advice | vulnerability.remediation |
Scanner output | scanner_outputs.outputs |
Severity rating | vulnerability.severity |
Snooze details | snoozed |
Port | affected_hosts.port |
Protocol | affected_hosts.protocol |
Scan published date | assessment.published_date |
Tag names | TagNames_s |
(You can review and manage the list by heading to the appropriate environment > Settings > Table > click Migrate to manual schema management; and if there's anything missing, you can always raise a feature request here.)
This feature is only available to Premium users