Microsoft Sentinel
Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise — fast.
Creating a Microsoft Sentinel connection
Create the connection by using one of the following methods:
Stage One: Microsoft Azure Platform
Using App Registration
To create the connection you need:
- A Client ID
- A Client Secret
- A Tenant ID
note
Please make sure to give the app the correct roles and permissions following the Roles and permissions in Microsoft Sentinel documentation.
Please note, when you hover when you move your cursor to the lower part of the arcade screen, navigation tabs will emerge. These tabs enable you to freely navigate through the tutorial at your convenience.
Stage Two: Blink Ops PLatform
Creating your Connection Written Step-By-step Guide
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the Microsoft Sentinel icon. A dialog box with name of the connection and connection methods appear.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select App Registration as the method to create the connection.
- Fill in the parameters:
- The Client ID
- The Client Secret
- The Tenant ID
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.
Using OAuth Connection Method Written Step-By-step Guide
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the Microsoft Sentinel icon. A dialog box with name of the connection and connection methods appears.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Click Microsoft Sentinel to authenticate using OAuth.
- Sign in using your credentials.