Getting set up
If you'd prefer a video walkthrough, take a look at the video below:
Create the environment in Azure
Log in to your Azure account > search "log analytics" > click Log Analytics workspaces.
Click Create.
Set the Subscription name (environment within Azure), Resource group (container of resources within this subscription), Instance (whatever you want to call this analytics workspace) and Region > click Review + Create.
Once you've reviewed everything > click Create
This will take you back to the Log Analytics workspace where you'll click the one you're interested in:
Head to Settings > Agents > copy the Workspace ID and Primary key.
Enable the integration in Intruder
Head to the Integrations page > scroll down to Microsoft Sentinel > click + Add.
You'll then be presented with a modal. Once you've entered the details, click Connect.
And finally, hit Complete setup and you're good to go!
FAQs
Will I know if there is an issue with my credentials?
Yes, we'll show an error message, so you'll know immediately.
What information will be sent to Sentinel?
We'll send a log containing the following (plus more) every time we find a new or fixed issue:
| | What you see in Sentinel |
|---|---|
| Account name | |
| Target address | |
| Target type | |
| Issue title | |
| Issue description | |
| Remediation advice | |
| Scanner output | |
| Severity rating | |
| Snooze details | |
| Port | |
| Protocol | |
| Scan published date | |
| Tag names | |
(You can review and manage the list by heading to the appropriate environment > Settings > Table > click Migrate to manual schema management; and if there's anything missing, you can always raise a feature request here.)
This feature is only available to Premium users