Azure Sentinel

This article describes how to set up and use Azure Sentinel with IONIX. Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that integrates with IONIX’s attack surface management platform.

Setting Up A Log Analytics Workspace

1. Open the Azure portal and select Azure Sentinel.

Screenshot of the Azure portal showing a search for "sentinel", resulting in a list of Azure Sentinel services and documentation links.

2. Select +Add.

Screenshot of the Azure Sentinel workspaces page, showing options to add, refresh, and view incidents.

3. Select Create a new workspace.

Screenshot of the Azure Sentinel workspace page, showing options to add Azure Sentinel to a workspace, create a new workspace, refresh the page, and filter by name.

4. Fill in the required information and create the workspace:

Screenshot of the Azure portal showing the form to create a new Log Analytics workspace. The form includes fields for subscription, resource group, name, and region.

Linking The Log Analytics Workspace To Azure Sentinel

1. Open the Azure portal and select Azure Sentinel.

Screenshot of the Azure portal showing a search for "sentinel", resulting in a list of Azure Sentinel services and documentation links.

2. Select +Add.

Screenshot of the Azure Sentinel interface showing options to add Azure Sentinel to a workspace, create a new workspace, refresh the view, and filter by name.

3. Select the Log Analytics workspace that you’ve just created or an existing one you’d like to use.

Finding Your Log Analytics Workspace ID And Primary Key

1. Go to the IONIX connector page.

Screenshot of the Azure portal showing a search for "sentinel", resulting in a list of Azure Sentinel services and documentation links.

2. Copy the Workspace ID as well as the Primary key.

Screenshot showing the configuration steps for integrating Cyberpion Security Logs with Azure Sentinel, including input fields for Workspace ID and Primary Key.

3. Select the Log Analytics workspace that you’ve just created or an existing one you’d like to use.

Configuring The Integration At The IONIX Platform

1. Log in to the IONIX platform and navigate to Settings -> Integrations.

Screenshot of the Azure portal showing a search for "sentinel", resulting in a list of Azure Sentinel services and documentation links.

2. Fill in the values copied in the previous steps (primary key & workspace ID).

CyberPion dashboard showing integration settings for ServiceNow, Jira, and Sentinel, with options to enable or disable each integration and to configure settings for Sentinel integration.

Handling Possible Error Codes

| Status | Required Action |
| --- | --- |
| Success | None. |
| INACTIVE_CUSTOMER | The workspace has been deactivated. |
| INVALID_CUSTOMER_ID | Please make sure you entered the correct workspace ID. |
| INVALID_AUTHORIZATION | The service failed to authenticate the request. Verify that the workspace ID and shared key are valid. |
| AZURE_CONNECTION_ERROR | Could not connect to a specific workspace API. This could be because the workspace API is incorrect. |
| AZURE_SERVER_ERROR | Azure API returned a server error (5XX). Try again later or contact IONIX support if the issue persists. |
| UNKNOWN_ERROR | Contact IONIX support for assistance. |
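
INVALID_CUSTOMER_ID and INVALID_AUTHORIZATION both point back to the workspace ID and key that were pasted in. The following is an added example, not IONIX or Microsoft code: it checks the two values locally and builds the SharedKey Authorization header in the form Microsoft documents for the Log Analytics HTTP Data Collector API. That the IONIX integration uses this API is an assumption; the function names and the sample ID and key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from email.utils import formatdate

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_credentials(workspace_id, primary_key):
    """Return local format problems; an empty list means both values look plausible."""
    problems = []
    if workspace_id != workspace_id.strip() or primary_key != primary_key.strip():
        problems.append("whitespace")  # stray space or newline from copy/paste
    if not GUID_RE.fullmatch(workspace_id.strip()):
        problems.append("workspace_id")  # a workspace ID is a GUID
    try:
        if not base64.b64decode(primary_key.strip(), validate=True):
            raise ValueError("empty key")
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("primary_key")  # the key must be valid base64
    return problems


def build_auth_header(workspace_id, primary_key, body, rfc1123_date):
    """SharedKey header for POST /api/logs (assumed: HTTP Data Collector API)."""
    string_to_sign = (
        f"POST\n{len(body)}\napplication/json\n"
        f"x-ms-date:{rfc1123_date}\n/api/logs"
    )
    digest = hmac.new(
        base64.b64decode(primary_key), string_to_sign.encode("utf-8"), hashlib.sha256
    ).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ws_id = "11111111-2222-3333-4444-555555555555"
    key = base64.b64encode(bytes(range(64))).decode()
    print(check_credentials(ws_id, key))              # no problems found
    print(check_credentials(ws_id + "\n", key[:-1]))  # pasted newline, truncated key
    body = b'[{"source": "constructed-sample"}]'
    date = formatdate(usegmt=True)                     # RFC 1123 date for x-ms-date
    header = build_auth_header(ws_id, key, body, date)
    # The signature is derived from the secret key, so keep it out of logs.
    print(header.split(":")[0] + ":<signature>")
```

A clean result from check_credentials only rules out copy/paste damage; a well-formed but wrong key still fails authentication on the Azure side.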