
Azure Sentinel Integration


You can send your Flare alerts directly to your Azure Sentinel instance. Here's how to configure Flare and receive data in your Sentinel Workspace. For detailed instructions, follow the Storylane demo provided below.



Configuration

You will need a Workspace with read/write permissions, as well as Keys (created in Azure Key Vault).

1

2

Click on Create Channel


3

Enter a Name for the Channel


4

Select "Azure Sentinel" as Type


5

Fill in the information from Azure



Workspace ID and Shared Key: Go to Sentinel -> Settings -> Workspace Setting -> Agents Management. From there, open the "Log Analytics agent instructions" dropdown.

You will see your workspace ID and Primary key there.

6

Test Channel



Confirm the values are correct by using the Test Channel button. You should receive a test log in your Workspace's Log Analytics within a minute.

7

Create Alert Channel



Expected Output

By then, you should receive all the data Flare sends directly in your Workspace's Log Analytics. Note that we write to a table called Firework_CL.
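To show what the Workspace ID and Shared Key from step 5 authorize, here is an added example (not Flare's code) that builds, without sending, a signed request for the Azure Monitor HTTP Data Collector API. It assumes the channel writes through that API, which this page does not state; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

API_PATH = "/api/logs"
LOG_TYPE = "Firework"  # Log Analytics appends "_CL", giving the Firework_CL table


def string_to_sign(content_length: int, x_ms_date: str) -> str:
    """Canonical string the Data Collector API expects to be signed."""
    return f"POST\n{content_length}\napplication/json\nx-ms-date:{x_ms_date}\n{API_PATH}"


def build_request(workspace_id, shared_key, records, x_ms_date=None):
    """Return (url, headers, body) for one POST; nothing is sent."""
    body = json.dumps(records).encode("utf-8")
    x_ms_date = x_ms_date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    key = base64.b64decode(shared_key)  # the Primary key is base64 text
    # Only the body length, date and path are signed, not the body content.
    digest = hmac.new(key, string_to_sign(len(body), x_ms_date).encode("utf-8"),
                      hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode()
    headers = {
        "Content-Type": "application/json",
        "Log-Type": LOG_TYPE,
        "x-ms-date": x_ms_date,
        "Authorization": f"SharedKey {workspace_id}:{signature}",
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{API_PATH}?api-version=2016-04-01")
    return url, headers, body


if __name__ == "__main__":
    # Constructed values: not a real workspace or key.
    ws = "00000000-0000-0000-0000-000000000000"
    demo_key = base64.b64encode(b"constructed-demo-key").decode()
    url, headers, body = build_request(ws, demo_key, [{"message": "test log"}],
                                       "Mon, 01 Jan 2024 00:00:00 GMT")
    print(url)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Under that assumption, the Shared Key alone is enough to write records to custom tables in the workspace, so it should be stored and rotated like any other secret.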



Flare Solution

We also have Workbooks that aggregate the data you receive into various Dashboards, and Playbooks that automate opening incidents and sending emails when leaked credentials (email/password) are found.

You can create the Solution on Azure by clicking here.
