Microsoft Sentinel
  • 29 Apr 2024

      Understanding Data Exporting to Microsoft Sentinel

      This article describes how to set up and use Microsoft Sentinel (formerly Azure Sentinel) with the Perimeter 81 platform. Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. You can configure your Perimeter 81 data stream to Microsoft Sentinel to have full visibility of your Perimeter 81 activity.

      Setting up a Log Analytics workspace


      If you are using an existing Log Analytics workspace, you may skip this section.

      1. Open the Azure portal and select Azure Sentinel.

      2. Select +Add.

      3. Select Create a new workspace.

      4. Fill in the following information:

      • Subscription: Choose a subscription according to your business's needs.
      • Resource group: Associate the Log Analytics workspace with the appropriate business unit.
      • Name: Choose a name for the workspace. The workspace name should be 4-63 characters long and consist of letters, digits, or '-'. The '-' shouldn't be the first or the last character.
      • Region: The physical location of the server generating the event collector. Choose according to pricing and business needs.
      • (Optional) Review the pricing tiers and set appropriate tags for the workspace.
      • Select Review + Create.

      Linking the Log Analytics workspace to Microsoft Sentinel

      1. Open the Azure portal and select Azure Sentinel.

      2. Select +Add.

      3. Select the Log Analytics workspace that you've just created or an existing one you'd like to utilize.

      Finding your Log Analytics workspace ID and primary key

      1. Open Log Analytics Workspace.
      2. Select the workspace you've just connected to Microsoft Sentinel.
      3. Select Advanced settings.
      4. Select Connected Sources, then Linux Servers. Copy the Workspace ID as well as the Primary key.

      Configuring the integration at the Management Platform

      1. Log in to your Management Platform, navigate to Settings/Integrations, and select Add at the Microsoft Sentinel row.
      2. Fill in the values copied in the previous steps (the primary key will be used as your workspace key).
      3. Select Validate.

      Recommendations

      • When setting up the integration with Microsoft Sentinel, ensure that you have the correct Log Analytics Workspace ID and Primary Key.
      • If you encounter error codes such as "SENTINEL_INACTIVE_CUSTOMER" or "SENTINEL_INVALID_AUTHORIZATION", review the provided workspace details and ensure they are accurate.

      Troubleshooting

      | Status Message | Action Required |
      |---|---|
      | Success | None. |
      | SENTINEL_INACTIVE_CUSTOMER | The workspace has been deactivated. |
      | SENTINEL_INVALID_CUSTOMER_ID | Please make sure you entered the correct customer ID. |
      | SENTINEL_INVALID_AUTHORIZATION | The service failed to authenticate the request. Verify that the workspace ID and connection key are valid. |
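
      A local pre-flight check for the Workspace ID and Primary key before selecting Validate, as an added example that is not Perimeter 81's or Microsoft's code. It assumes the integration authenticates the way the Azure Monitor HTTP Data Collector API does (SharedKey, HMAC-SHA256), whose return codes the statuses above mirror, and that the primary key decodes to 64 bytes; the sample values are constructed.

```python
import base64
import hashlib
import hmac
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_credentials(workspace_id: str, primary_key: str) -> list:
    """Return format problems in the pasted values; an empty list means well-formed."""
    problems = []
    if workspace_id != workspace_id.strip() or primary_key != primary_key.strip():
        problems.append("leading or trailing whitespace (copy/paste residue)")
    if not GUID_RE.fullmatch(workspace_id.strip()):
        problems.append("workspace ID is not a GUID")
    try:
        raw = base64.b64decode(primary_key.strip(), validate=True)
        # Assumption: workspace shared keys decode to 64 bytes (88 base64 characters).
        if len(raw) != 64:
            problems.append(f"primary key decodes to {len(raw)} bytes, expected 64")
    except ValueError:
        problems.append("primary key is not valid base64 (truncated or altered)")
    return problems


def shared_key_header(workspace_id: str, primary_key: str, body: bytes, date: str) -> str:
    """Build the Data Collector API Authorization header (HMAC-SHA256 over the request)."""
    # String-to-sign: method, body length, content type, x-ms-date header, resource path.
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    key = base64.b64decode(primary_key, validate=True)
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode('ascii')}"


# Constructed sample values, not real credentials.
SAMPLE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode("ascii")

if __name__ == "__main__":
    print(check_credentials(SAMPLE_ID, SAMPLE_KEY) or "values are well-formed")
    header = shared_key_header(SAMPLE_ID, SAMPLE_KEY, b'[{"event":"test"}]',
                               "Mon, 29 Apr 2024 12:00:00 GMT")
    # Show only the scheme and workspace ID; never log the key or a full signature.
    print(header.split(":", 1)[0] + ":<signature>")
```

      The primary key grants write access to the workspace, so read it from a secret store rather than hard-coding it, and regenerate it in the workspace if it has been pasted into a ticket or chat.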

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com.

