Getting set up
If you'd prefer a video walkthrough, take a look at the video below:
Create the environment in Azure
Login to your Azure account > Search "log analytics" > click Log Analytics workspaces:
Click Create:
Set the Subscription name (environment within Azure); Resource group (container of resources within this subscription), Instance (whatever you want to call this analytics workspace) and Region > Click Review + Create:
Once you've reviewed everything > click Create
This will take you back to the Log Analytics workspace where you'll click the one you're interested in:
Head to Settings > Agents > copy the Workspace ID and Primary key:
Enable the integration in Intruder
Head to the Integrations page > scroll down to Microsoft Sentinel > click + Add:
You'll then be presented with this modal, once you've entered the details > click Connect:
And finally, hit Complete setup and you're good to go!
FAQs
Will I know if there is an issue with my credentials?
Yes, we'll show this error message, so you'll know immediately:
What information will be sent to Sentinel?
We'll send a log containing the following (plus more) every time we find a new or fixed issue:
Account name
Target address
Target type
Issue title
Issue description
Remediation advice
Scanner output
Severity rating
Snooze details
Port
Protocol
Scan published date
Tag names
(You can review and manage the list by heading to the appropriate environment > Settings > Table > click Migrate to manual schema management; and if there's anything missing, you can always raise a feature request here.)
This feature is only available to Premium users