Microsoft Sentinel integration

Push Intruder findings into your SIEM

Updated over a month ago

Getting set up

If you'd prefer a video walkthrough, take a look at the video below:

Create the environment in Azure

Log in to your Azure account > search for "log analytics" > click Log Analytics workspaces:

Click Create:

Set the Subscription name (environment within Azure), Resource group (container of resources within this subscription), Instance (whatever you want to call this analytics workspace) and Region > click Review + Create:


Once you've reviewed everything > click Create

This will take you back to the Log Analytics workspace where you'll click the one you're interested in:

Head to Settings > Agents > copy the Workspace ID and Primary key:

Enable the integration in Intruder

Head to the Integrations page > scroll down to Microsoft Sentinel > click + Add:

You'll then be presented with this modal. Once you've entered the details > click Connect:

And finally, hit Complete setup and you're good to go!


FAQs

Will I know if there is an issue with my credentials?

Yes, we'll show this error message, so you'll know immediately:


What information will be sent to Sentinel?

We'll send a log containing the following (plus more) every time we find a new or fixed issue:

What you see in Sentinel

Account name

Target address

Target type

Issue title

Issue description

Remediation advice

Scanner output

Severity rating

Snooze details

Port

Protocol

Scan published date

Tag names

(You can review and manage the list by heading to the appropriate environment > Settings > Table > click Migrate to manual schema management; and if there's anything missing, you can always raise a feature request here.)

This feature is only available to Premium users
