Step 1: Sign in to the Azure Portal
- Visit https://portal.azure.com
- Sign in using your Azure Account
Step 2: Create or Select a Workspace for Log Analytics
Microsoft Sentinel requires a Log Analytics workspace.
- In the Azure Portal, search for Log Analytics workspaces.
- Click on “Create”.
- Fill in the required fields:
  - Subscription: Select the subscription you want.
  - Resource group: Add a new group or select an existing one.
  - Name: Specify a unique name for the workspace.
  - Region: Choose the appropriate Azure region.
- Click “Review + Create”. Next, click “Create”.
Step 3: Install Microsoft Sentinel
- Return to the Azure portal’s home page after creating the workspace.
- Search for “Microsoft Sentinel”.
- Click on “Create”.
- On the page for creating Microsoft Sentinel:
  - Select the subscription.
  - Select the Log Analytics workspace that you just created.
- Click “Review + Create”. Next, click “Create”.
Step 4: Add Data connectors
To gather information on security:
- Navigate from the Microsoft Sentinel workspace to “Data connectors”.
- Select the data sources you want to link (e.g. Azure, Office 365 or Firewall).
- Follow the instructions provided by each connector in order to configure and authorise data ingestion.
Step 5: Create Analytics Rules and Playbooks (Optional)
- Analytics rules: Automate alerting based on conditions.
- Playbooks: Automate actions with Logic Apps.
Create these by going to “Analytics” and “Automation”.
Step 6: Monitor and Respond
- Use the “Overview” page, “Incidents” page, and “Hunting” page to monitor security updates.
- Investigate an incident and respond with the integrated tools.
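
Steps 2 and 3 can also be scripted with the Azure CLI, which makes the deployment repeatable and reviewable. The script below is an added example, not part of the original guide; the resource group, workspace name and region are constructed placeholders, and the last command assumes the `sentinel` CLI extension is installed.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of Step 2 (workspace) and Step 3 (Sentinel).
# Prerequisites (Step 1): az login; az extension add --name sentinel
# All names below are constructed placeholders; replace them with your own.
RG="rg-sentinel-demo"
WORKSPACE="law-sentinel-demo"
LOCATION="westeurope"

# Log Analytics workspace names: 4-63 characters, letters, digits and hyphens,
# and a hyphen may not be the first or last character.
valid_workspace_name() {
  case "$1" in
    -*|*-) return 1 ;;
    *[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -ge 4 ] && [ "${#1}" -le 63 ]
}

# Print the commands for Steps 2 and 3 in order, one per line.
sentinel_plan() {
  echo "az group create --name $RG --location $LOCATION"
  echo "az monitor log-analytics workspace create --resource-group $RG --workspace-name $WORKSPACE --location $LOCATION"
  # The onboarding state resource is always named "default".
  echo "az sentinel onboarding-state create --resource-group $RG --workspace-name $WORKSPACE --name default --customer-managed-key false"
}

# Run the plan. DRY_RUN defaults to 1, so nothing is changed in Azure
# until the caller sets DRY_RUN=0 explicitly.
sentinel_deploy() {
  valid_workspace_name "$WORKSPACE" || {
    echo "invalid workspace name: $WORKSPACE" >&2
    return 2
  }
  sentinel_plan | while IFS= read -r cmd; do
    echo "+ $cmd"
    # Stop at the first failing command so Sentinel is never enabled
    # on a workspace that was not created.
    [ "${DRY_RUN:-1}" = "1" ] || $cmd || exit 1
  done
}

# Usage: sentinel_deploy            (prints the commands only)
#        DRY_RUN=0 sentinel_deploy  (creates the resources)
```

Review the dry-run output before running with `DRY_RUN=0`; data connectors (Step 4) still have to be configured and authorised per source afterwards.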