

SOC teams use automation during investigations. For example, SOC teams run digital forensics data acquisition procedures with Azure Automation, such as Azure virtual machine (VM) chain of custody or eDiscovery (Premium) for Microsoft Defender.

Microsoft Sentinel uses logical connectors, the Azure Data Connectors, to ingest security data, such as audit logs or metrics, from supported data sources, such as Azure Active Directory (Azure AD), Azure resources, Microsoft Defender, or third-party solutions. The main list of data connectors is managed by the SecurityInsights API. Others rely on the OMSIntegration API and are managed with the Azure Policy diagnostic settings. Microsoft Sentinel uses managed identity to act on behalf of the managed service identity (MSI) while interacting with playbooks, logic apps, or automation runbooks and the key vault. SIEM engineers use Azure policies in the reference architecture to configure and scale the diagnostic settings of the Azure services. The policies help automate deployment of the Microsoft Sentinel data connectors, such as the one for Azure Key Vault. The policies depend on the OMSIntegration API.
# Azure Sentinel integrations update
You implement Azure DevOps by using Microsoft Sentinel capabilities to help secure your deployment. You then use a DevSecOps framework to manage and deploy Microsoft Sentinel artifacts at scale. The following diagram shows an Azure DevOps and Microsoft Sentinel IaC setup. Download a Visio file of this architecture. The scrum master and product management use Azure DevOps to define epics, user stories, and product backlog items as part of the project backlog. The scrum master and product management use Azure Boards to create the backlog, schedule work in sprints, review the project board, create the repository structure, and set security rules like approval workflows and branches. The Azure Git repository stores the scripts and the permits to manage Microsoft Sentinel artifacts in the infrastructure as code. Artifacts and source control maintain the extensions and update packages or components of the DevSecOps workflow that are used in the solution, such as Azure Resource Manager Template Toolkit and PowerShell Pester.
# Azure Sentinel integrations how to
This article describes how to automate Microsoft Sentinel integration and deployment operations with Azure DevOps.
