Configuring Knowledge Connector And Producing Exercise Knowledge in Microsoft Sentinel

By establishing a reference to the service and receiving the occasions and logs, Microsoft Sentinel can get information from apps and providers. Set up the information connector for Azure Exercise to ship information to Microsoft Sentinel for this QuickStart.

When you select the Content material hub from Microsoft Sentinel, for instance, Find and choose the Azure Exercise Listing.

Click on Set up/Replace on the toolbar on the prime of the web page.

Confirm the Notification: Set up Success.

Configure the information connector.

Select Knowledge connectors in Microsoft Sentinel.

Search for and select the information connector for Azure Exercise. (For instance, Microsoft Entra ID)

Open Connector web page needs to be chosen from the connector’s data pane.

To configure the connector, evaluation the setup directions.

Go to the Azure Coverage Task Wizard and choose Launch.

Set the subscription and useful resource group that incorporates an exercise to transmit to Microsoft Sentinel below the Fundamentals tab’s Scope setting. Select the subscription, as an example, that homes your Microsoft Sentinel occasion.

Click on the tab for parameters.

Assign the workspace for Main Log Analytics. That is the place Microsoft Sentinel should be positioned within the workspace.

Select Overview + Create and Press Begin.

Produce exercise data.

Enabling a rule that was a part of the Azure Exercise answer for Microsoft Sentinel will enable us to provide some exercise information. You can too see learn how to handle content material within the content material heart by following this step.

Select Content material Hub from Microsoft Sentinel.

Find and select the Microsoft Entra ID.

Select Handle from the pane on the appropriate.

Find and select the template for the foundations.

Select Configuration.

After selecting a rule, create a rule.

Guarantee that the Standing is enabled on the Common tab. Do not change the remaining default settings.

Settle for the opposite tabs’ default settings.

Select Create from the Overview and Create tab.

As soon as accomplished, we will see the outcome.

See the information that Microsoft Sentinel has ingested.

Select Knowledge connectors in Microsoft Sentinel.

Search for and select the information connector for Azure Exercise. (For instance, Microsoft Entra ID)

Open Connector web page needs to be chosen from the connector’s data pane.

Look at the information connector’s present standing. There should be a connection.

Select Go to log analytics from the pane on the left above the chart.

Abstract

The current article explains configuring the information connector and producing exercise information in Microsoft Sentinel. The following article will cowl the Set of Azure Sentinel Dashboards, Notebooks, and Queries.