
Sentinel




Resource Overview

Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) service offered by Microsoft Azure. It provides comprehensive security solutions with intelligent analytics and threat intelligence to protect IT infrastructure and assets from cyber threats. Azure Sentinel collects data from various sources, including servers, networks, applications, and devices, to offer an integrated view of security threats across the organization. It uses advanced analytics and machine learning algorithms to detect and respond to threats in real time.

Associated Resources

Parent Resource

Connected Resources

Resource Setting Values

  • linked_workspace_name : The name of the Log Analytics Workspace to connect Sentinel to

  • connect_security_center : Whether to connect the Microsoft Defender for Cloud Data Connector to Sentinel - true,false

  • connect_threat_intelligence : Whether to connect the Threat Intelligence Platform (Preview) Data Connector to Sentinel - true,false

  • connect_advanced_threat_protection : Whether to connect the Microsoft Defender for Identity Data Connector to Sentinel - true,false

  • connect_microsoft_defender : Whether to connect the Microsoft Defender Data Connector for endpoints to Sentinel - true,false

  • connect_office_365 : Whether to connect the Office 365 Data Connector to Sentinel - true,false

  • connect_cloud_app_security : Whether to connect the Microsoft Defender for Cloud Apps Data Connector to Sentinel - true,false

  • fusion_rule_rule_guid

  • behavior_analytics_rule_guid : GUID list of Sentinel ML Behavior Analytics Rule

  • alert_rule_incident

    • display_name : The display name of this Sentinel MS Security Incident Alert Rule
    • product : The Microsoft Security Service from where the alert will be generated
    • severity : Only create incidents from alerts when alert severity level is contained in this list - High,Medium,Low,Informational
  • alert_rule_scheduled

    • display_name : The friendly name of this Sentinel Scheduled Alert Rule
    • severity : The alert severity of this Sentinel Scheduled Alert Rule - High,Medium,Low,Informational
    • query : The query of this Sentinel Scheduled Alert Rule
  • tag : Tag to categorize resources - up to 512 characters, key:value
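A pre-deployment check for the setting values above, added here as an example (not part of this product's own tooling). It assumes the settings have already been parsed into a Python dict, that `alert_rule_incident` and `alert_rule_scheduled` are rule objects (single or list), and that `tag` holds `key:value` strings; it enforces the constraints stated in the list: boolean connector flags, GUID-formatted rule ids, the four allowed severity values, a non-empty scheduled query, and the 512-character key:value tag rule.

```python
# Validator for the Sentinel settings listed above; field names come from the
# page, the dict layout (lists of rule objects, tag strings) is an assumption.
import re
import uuid

ALLOWED_SEVERITIES = {"High", "Medium", "Low", "Informational"}
BOOL_KEYS = ("connect_security_center", "connect_threat_intelligence",
             "connect_advanced_threat_protection", "connect_microsoft_defender",
             "connect_office_365", "connect_cloud_app_security")
GUID_KEYS = ("fusion_rule_rule_guid", "behavior_analytics_rule_guid")
TAG_RE = re.compile(r"^[^:\s][^:]*:[^:]+$")  # exactly one "key:value" pair


def _as_list(value):
    """Accept either a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def _is_guid(value):
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False


def validate_sentinel_settings(settings):
    """Return a list of problems; an empty list means the settings are valid."""
    problems = []
    if not settings.get("linked_workspace_name"):
        problems.append("linked_workspace_name is required")
    for key in BOOL_KEYS:  # page allows only true/false for connector flags
        if key in settings and settings[key] not in (True, False, "true", "false"):
            problems.append(f"{key} must be true or false")
    for key in GUID_KEYS:
        for guid in _as_list(settings.get(key, [])):
            if not _is_guid(guid):
                problems.append(f"{key}: {guid!r} is not a GUID")
    for rule in _as_list(settings.get("alert_rule_incident", [])):
        bad = set(_as_list(rule.get("severity", []))) - ALLOWED_SEVERITIES
        if bad:
            problems.append(f"alert_rule_incident: unknown severity {sorted(bad)}")
    for rule in _as_list(settings.get("alert_rule_scheduled", [])):
        if rule.get("severity") not in ALLOWED_SEVERITIES:
            problems.append(f"alert_rule_scheduled: bad severity {rule.get('severity')!r}")
        if not str(rule.get("query", "")).strip():
            problems.append("alert_rule_scheduled: query must not be empty")
    for tag in _as_list(settings.get("tag", [])):
        if len(tag) > 512 or not TAG_RE.match(tag):
            problems.append(f"tag {tag!r} must be key:value and at most 512 chars")
    return problems
```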


Reference Materials