Azure Sentinel Integration

you can send your flare alerts directly to your azure sentinel instance here's how to configure flare and receive data in your sentinel workspace for detailed instructions, follow the storylane demo provided below configuration you will need a workspace with read/write permissions as well as keys (created in azure key vault) go to alert central click on create channel enter a name for the channel select "azure sentinel" as type fill in the information from azure workspace id and shared key go to sentinel > settings > workspace setting > agents management from there open the dropdown log analytics agent instructions you will see your workspace id and primary key there test channel confirm the values are correct by using the test channel button you should receive a test log inside your workspace log analytics within a minute create alert channel expected output you should by then receive all the data flare sends directly in your workspace's log analytics note that we will write in a table called firework cl flare solution we also have workbooks that aggregate the data you received in various dashboards and playbooks that automate opening of incidents and sending of emails when leaked credentials (email/password) are found you can create the solution on azure by clicking here related articles