Integrate with Azure Sentinel

Modified on Tue, 4 Jun at 3:44 PM


Azure Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise. By integrating Azure Sentinel with CloudDefense.ai, you can seamlessly monitor and analyze security vulnerabilities in your applications within a unified platform.


Setting Up Azure Sentinel Integration


Obtain the API Key from CloudDefense.ai:


Configure Microsoft Management Agent (MMA):

  • In your Azure Sentinel, configure the Microsoft Management Agent (MMA) feature.

Set Up the HTTP Data Source:


Create a Parser/Schema in Azure Sentinel:

  • Create a parser/schema within Azure Sentinel to access the key-value pairs from the JSON response.


Example JSON Schema


Below is an example schema that you can use to parse vulnerability data.



For detailed information on sending REST API data to Azure Sentinel, visit the Microsoft Tech Community guide: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/sending-rest-api-data-to-azure-sentinel/ba-p/558896
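The following is an added example, not CloudDefense.ai's or Microsoft's own code. It shows one way to turn a nested JSON response into flat key-value records and sign them for ingestion, assuming the Log Analytics HTTP Data Collector API is the ingestion path. The response field names, the CloudDefenseVuln log type, the workspace ID and the key are constructed placeholders, not CloudDefense.ai's actual response format.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# Constructed sample response; every field name here is hypothetical.
SAMPLE_RESPONSE = {
    "application": "payments-api",
    "scan": {"id": "scan-0001", "finished": "2024-06-04T15:44:00Z"},
    "vulnerabilities": [
        {"id": "VULN-EXAMPLE-1", "severity": "HIGH", "status": "OPEN",
         "package": {"name": "examplelib", "version": "1.2.3"}},
        {"id": "VULN-EXAMPLE-2", "severity": "LOW", "status": "FIXED",
         "package": {"name": "otherlib", "version": "0.9.0"}},
    ],
}

def flatten(obj, prefix=""):
    """Collapse nested objects into one level of key-value pairs (scan.id -> scan_id)."""
    flat = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}_"))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

def to_records(response):
    """One flat record per vulnerability, with the scan-level fields repeated on each row."""
    shared = flatten({k: v for k, v in response.items() if k != "vulnerabilities"})
    return [{**shared, **flatten(v, "vuln_")} for v in response.get("vulnerabilities", [])]

def build_request(workspace_id, shared_key_b64, log_type, records, now=None):
    """Return (url, headers, body) for a signed HTTP Data Collector API POST."""
    body = json.dumps(records).encode("utf-8")
    date = (now or datetime.now(timezone.utc)).strftime("%a, %d %b %Y %H:%M:%S GMT")
    # The signature covers the method, body length, content type, date header and resource path.
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    digest = hmac.new(base64.b64decode(shared_key_b64), to_sign.encode("utf-8"),
                      hashlib.sha256).digest()
    headers = {"Content-Type": "application/json", "Log-Type": log_type, "x-ms-date": date,
               "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"}
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    demo_key = base64.b64encode(b"constructed-demo-key").decode()  # placeholder, not a real key
    url, headers, body = build_request("00000000-0000-0000-0000-000000000000", demo_key,
                                       "CloudDefenseVuln", to_records(SAMPLE_RESPONSE))
    print(url, headers["Log-Type"], len(body))
```

Records sent this way land in a custom table named after the Log-Type value with a _CL suffix. Keep the workspace key in a secret store rather than in the script.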


Benefits

  • Unified Monitoring: Seamlessly track vulnerabilities across all your applications within Azure Sentinel.

  • AI-Powered Analysis: Leverage built-in AI to analyze large volumes of security data and prioritize remediation efforts.

  • Customizable Alerts: Create tailored alerts based on vulnerability severity, status, and more.


By following these steps, you'll integrate Azure Sentinel with CloudDefense.ai, allowing your organization to effectively monitor and respond to security vulnerabilities across your applications.
