Azure Sentinel
Introduction

This guide tells you how to authenticate the Microsoft Azure Sentinel connector in Swimlane using OAuth 2.0 client credentials. You will create an Azure app, assign required permissions, collect required identifiers, and configure the connector in Swimlane.

Prerequisites

Azure Access Requirements

You must have Azure permissions to:

- Register applications under Azure Active Directory
- Assign API permissions
- View subscription and workplace information
- Assign roles on the Azure Sentinel workspace

Required Credentials

During setup, you will collect:

- Client ID
- Client Secret
- Tenant ID
- Token URL
- Host URL
- Subscription ID
- Resource Group Name
- Workspace Name
- Workspace ID

Token URLs

[Table: token URLs; contents not preserved]

Host URLs

[Table: host URLs; contents not preserved]

Azure Setup

Take the following steps to register the application:

1. Navigate to Azure Portal > Azure Active Directory > App registrations.
2. Click New registration.
3. Enter an application name.
4. Choose Accounts in this organizational directory only.
5. Click Register.

Take the following steps to assign API permissions:

1. Open the API permissions tab.
2. Click Add a permission.
3. Add the following permissions:
   - Microsoft Graph/SecurityEvents.ReadWrite.All
   - WindowsDefenderATP/Alert.ReadWrite.All

Take the following steps to generate a client secret:

1. Navigate to Certificates & secrets.
2. Click New client secret.
3. Add a description and expiration.
4. Copy and save the Value. This saved value is the client secret.

Take the following steps to collect required identifiers:

1. From App registration > Overview, copy:
   - Client ID
   - Tenant ID
2. From the Azure workspace sections, copy:
   - Resource Group Name
   - Subscription ID
   - Workspace Name
   - Workspace ID

Connector Configuration in Swimlane

1. Log in to Turbine.
2. From the left-hand navigation pane, click Orchestration and click Assets. The Asset homepage opens.
3. Click the plus icon to open the Configure your connector asset window.
4. Select Microsoft Azure Sentinel from the Asset Type list.
5. Fill in the asset settings and asset input as shown.

   [Table: asset settings and asset input; contents not preserved]

   Fields with marks are required.
6. Click Create.

Troubleshooting

If you encounter a 403 error:

- Ensure the Azure app is added to the Sentinel workspace.
- Assign Contributor role.

You have successfully authenticated the Azure Sentinel connector in Swimlane.
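
A pre-flight check for the identifiers collected above, as an added example that is not part of the original guide or of Swimlane's connector code. It flags the common mistake of pasting a secret's ID instead of its Value, builds the client-credentials token request, and derives the workspace resource ID to inspect when a call returns 403. The dictionary key names are hypothetical, and the token and host URLs are assumed to be the Azure public-cloud endpoints.

```python
import re
import urllib.parse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumption: Azure public-cloud endpoints (the guide's URL tables are not available).
TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
HOST_URL = "https://management.azure.com"
# Constructed sample values, not real identifiers.
SAMPLE = {
    "client_id": "11111111-1111-1111-1111-111111111111",
    "tenant_id": "22222222-2222-2222-2222-222222222222",
    "subscription_id": "33333333-3333-3333-3333-333333333333",
    "workspace_id": "44444444-4444-4444-4444-444444444444",
    "client_secret": "constructed-secret-value",
    "resource_group_name": "rg-soc", "workspace_name": "law-sentinel",
}

def check_asset(a):
    """Return a list of problems found in the collected identifiers."""
    problems = []
    for key in ("client_id", "tenant_id", "subscription_id", "workspace_id"):
        if not GUID.match(a.get(key, "")):
            problems.append(f"{key} is not a GUID")
    secret = a.get("client_secret", "")
    if not secret:
        problems.append("client_secret is empty")
    elif GUID.match(secret):
        # The portal shows a GUID "Secret ID" next to the Value; only the Value authenticates.
        problems.append("client_secret looks like the Secret ID, not the Value")
    for key in ("resource_group_name", "workspace_name"):
        v = a.get(key, "")
        if not v or v != v.strip() or "/" in v:
            problems.append(f"{key} is missing or malformed")
    return problems

def token_request(a):
    """Build the (url, form body) of the OAuth 2.0 client-credentials request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": a["client_id"],
        "client_secret": a["client_secret"], "scope": HOST_URL + "/.default",
    })
    return TOKEN_URL.format(tenant_id=a["tenant_id"]), body

def workspace_resource_id(a):
    """ARM resource ID of the workspace: the scope whose role assignments to check on a 403."""
    return ("/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}"
            "/providers/Microsoft.OperationalInsights/workspaces/{workspace_name}").format(**a)

if __name__ == "__main__":
    print(check_asset(SAMPLE) or "identifiers look consistent")
    print(token_request(SAMPLE)[0])
    print(workspace_resource_id(SAMPLE))
```

Nothing is sent over the network; post the returned body to the returned URL with Content-Type application/x-www-form-urlencoded once the check comes back empty.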