Microsoft Sentinel Integration

Once configured, Valtix Alerts will be sent to Microsoft Sentinel using the defined Alert Service and Alert Rule.

Prerequisites

In order to send alerts to Microsoft Sentinel, the following information is required:

  • Azure Log Analytics Workspace
  • Azure Log Table

Create an Alert Service

  1. Navigate to Administration -> Alert Profiles -> Services
  2. Click Create
  3. Name - Enter a unique name for the alert integration. Example: valtix-MSSentinel-profile.
  4. Description (optional) - Enter a description for the alert integration
  5. Type - Using the pulldown, choose Microsoft Sentinel
  6. API Key - Specify the Shared Key created in Azure for the Azure Log Analytics Workspace
  7. Azure Log Table Name - Specify the name of the Azure Log Table defined when creating the Azure Log Analytics Workspace
  8. Azure Log Analytics Workspace ID - Specify the ID of the Azure Log Analytics Workspace
  9. Click Save
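The three values entered above (Shared Key, Log Table Name, Workspace ID) are the credentials and destination for writing records into a Log Analytics workspace. The following is an added example, not Valtix code or documentation: it assumes that alerts are written through the Azure Log Analytics HTTP Data Collector API and shows how those values are combined into a signed request, plus a KQL query to confirm records are arriving. The workspace ID, Shared Key, table name, event records and column names are constructed placeholders. Because the Shared Key alone authorizes writes to the whole workspace, treat it as a secret and rotate it if it is exposed.

```python
"""Added example (not Valtix's code): how the Alert Service fields map onto a
Log Analytics Data Collector API request. That Valtix uses this API is an
assumption; all identifiers below are constructed, not real."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values; the real ones come from the Azure portal.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-shared-key-not-a-real-one").decode()
LOG_TABLE = "ValtixAlerts"  # custom tables are queried as <name>_CL

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"


def build_string_to_sign(content_length, rfc1123_date, method="POST",
                         content_type="application/json", resource=RESOURCE):
    """Canonical string the Data Collector API expects to be HMAC-signed."""
    return "\n".join([method, str(content_length), content_type,
                      f"x-ms-date:{rfc1123_date}", resource])


def sign(shared_key_b64, string_to_sign):
    """HMAC-SHA256 over the canonical string, keyed with the decoded Shared Key."""
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def build_request(workspace_id, shared_key_b64, log_table, events, when=None):
    """Return (url, headers, body) for one batch of alert records.

    Only the Authorization header carries the secret; the workspace ID and
    table name are not sensitive on their own.
    """
    body = json.dumps(events, separators=(",", ":")).encode("utf-8")
    when = when or datetime.now(timezone.utc)
    rfc1123_date = when.strftime("%a, %d %b %Y %H:%M:%S GMT")
    string_to_sign = build_string_to_sign(len(body), rfc1123_date)
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{sign(shared_key_b64, string_to_sign)}",
        "Log-Type": log_table,       # becomes the custom table <log_table>_CL
        "x-ms-date": rfc1123_date,   # signed, so replayed requests expire
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version={API_VERSION}")
    return url, headers, body


def verification_query(log_table, minutes=15):
    """KQL a defender can run in Sentinel to confirm alerts are landing.

    Column names (Severity_s, SubType_s) assume string fields named Severity
    and SubType in the posted records; adjust to the real schema.
    """
    return (f"{log_table}_CL\n"
            f"| where TimeGenerated > ago({minutes}m)\n"
            "| summarize count() by Severity_s, SubType_s")


# Constructed alert records shaped after the Type / Sub Type / Severity
# choices offered by the Alert Rule form.
SAMPLE_EVENTS = [
    {"Source": "System Logs", "SubType": "Gateway", "Severity": "High",
     "Message": "constructed sample alert"},
    {"Source": "Discovery", "SubType": "Insights Rule", "Severity": "Medium",
     "Message": "constructed sample alert"},
]

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY, LOG_TABLE, SAMPLE_EVENTS)
    print(url)
    print(headers["Authorization"])
    print(verification_query(LOG_TABLE))
```

Running the block prints the endpoint, the signed Authorization header, and the KQL query; nothing is sent. If the query returns no rows after an alert is expected, check the Shared Key, the Log Table Name spelling (the `_CL` suffix is added by Azure, not by you) and the Workspace ID before looking further.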

Create an Alert Rule

  1. Navigate to Settings -> Alert Profiles -> Alert Rules
  2. Click Create
  3. Profile Name - Enter a unique name for the integration. Example: valtix-MSSentinel-alert-rule.
  4. Description (optional) - Enter a description for the alert rule
  5. Alert Profile - Using the pulldown, choose the Alert Profile created above. For example, select valtix-MSSentinel-profile.
  6. Type - Using the pulldown, select either System Logs or Discovery
  7. Sub Type - For Type System Logs, the Sub Type pulldown options are Gateway or Account. For Type Discovery, the Sub Type pulldown option is Insights Rule.
  8. Severity - For Type System Logs, use the pulldown to select a Severity level from: Info, Warning, Medium, High, or Critical. For Type Discovery, select a Severity level from: Info, Medium, or Critical.
  9. Enabled - Using the checkbox, check to enable this alert profile
  10. Click Save