In my post about “First steps setting up Microsoft Sentinel” we prepared our Microsoft Sentinel environment to use it for different connectors. Now we want to configure our first connector to get data from Azure Active Directory (AAD).
1. We start in the Microsoft Sentinel blade and navigate to “Data connectors”. From there we search for “Azure Active Directory” and select the connector. A new blade opens on the right side. Click on “Open connector page”!
On the connector blade for Azure Active Directory we first see whether workbooks, queries and analytics rule templates are available. We also see how much data has been received and which data types are connected.
2. In the configuration pane we can choose which logs should be collected. Because we don’t want to miss any information, we select every checkbox and click “Apply Changes”.
3. If the setup was successful, diagnostic settings in Azure AD will be updated with our chosen settings.
4. Click on “Edit setting” to check the settings!
5. On the left side, every log that we selected in the configuration pane should be checked. The right side shows the Log Analytics workspace that the data is forwarded to.
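The check from steps 4 and 5 can also be run against an export of the diagnostic settings. The script below is an added example, not part of the original post; it assumes the settings were exported as JSON in the Azure Resource Manager shape (`value` → `properties` → `workspaceId` and `logs`), and the workspace ID, setting name and sample document are constructed.

```python
# Added example: audit an exported Azure AD diagnostic-settings document.
WORKSPACE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-sentinel/providers/Microsoft.OperationalInsights/workspaces/law-sentinel")

# Constructed sample export. Assumed shape: value[] -> properties -> workspaceId, logs[].
SAMPLE = {"value": [{
    "name": "sentinel-aad",
    "properties": {
        "workspaceId": WORKSPACE,
        "logs": [
            {"category": "AuditLogs", "enabled": True},
            {"category": "SignInLogs", "enabled": True},
            {"category": "ProvisioningLogs", "enabled": False},
        ],
    },
}]}


def check_settings(doc, expected_workspace, expected_categories):
    """Return findings; an empty list means every expected log reaches the workspace."""
    # Resource IDs are case-insensitive, so compare them lowercased.
    forwarding = [
        s for s in doc.get("value", [])
        if (s.get("properties", {}).get("workspaceId") or "").lower()
        == expected_workspace.lower()
    ]
    if not forwarding:
        return [f"no diagnostic setting forwards to {expected_workspace}"]
    # A category counts only if it is enabled in a setting that targets our workspace.
    enabled = {
        log.get("category")
        for s in forwarding
        for log in s["properties"].get("logs", [])
        if log.get("enabled")
    }
    return [f"category not forwarded to workspace: {c}"
            for c in sorted(set(expected_categories) - enabled)]


if __name__ == "__main__":
    wanted = ["AuditLogs", "SignInLogs", "ProvisioningLogs"]
    for finding in check_settings(SAMPLE, WORKSPACE, wanted) or ["all expected logs are forwarded"]:
        print(finding)
```

A category that is ticked in a setting pointing at a different workspace is reported as missing, which is the case the portal view makes easy to overlook when several diagnostic settings exist.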
That’s it! This is an easy way to set up connectors that are directly integrated into Microsoft Sentinel. Microsoft takes care of creating and configuring the needed settings. In later articles we will go through the configuration of more complex connectors.
Please leave a comment below and share with other nerds, thx 😉
Hey there 🙂
I came across your blog through Daniel's Xing posts and I'm glad that I can get further impressions of MS security topics through you. I've been working intensively on this for a few weeks as well. I also “get to” hold a workshop on the topic in two weeks …. yeah 🙂
Hope you're doing well so far 🙂
Kind regards
Micha
Hi Micha,
great to hear from you :). Good luck with your workshop, and if you have any questions, feel free to message me on LinkedIn or Twitter anytime :).
Best regards
Andreas