See the documentation to learn more about API on the

Vendor installation instructions

This data connector depends on a parser based on a Kusto Function to work as expected, which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias SentinelOne and load the function code or click here. The function usually takes 10-15 minutes to activate after solution installation/update.

STEP 1 - Configuration steps for the SentinelOne API

Follow the instructions to obtain the credentials.

Log in to the SentinelOne Management Console with Admin user credentials.
In the Management Console, click Settings.
Enter the information for the new console user.
Save credentials of the new user for using in the data connector.

NOTE: Admin access can be delegated using custom roles. Please review SentinelOne documentation to learn more about custom RBAC.

STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function

IMPORTANT: Before deploying the SentinelOne data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).

Option 1 - Azure Resource Manager (ARM) Template

Use this method for automated deployment of the SentinelOne Audit data connector using an ARM Template.

Select the preferred Subscription, Resource Group and Location.
NOTE: Within the same resource group, you can't mix Windows and Linux apps in the same region. Select existing resource group without Windows apps in it or create new resource group.
Enter the SentinelOneAPIToken, SentinelOneUrl ( and deploy.
Mark the checkbox labeled I agree to the terms and conditions stated above.

Option 2 - Manual Deployment of Azure Functions

Use the following step-by-step instructions to deploy the SentinelOne Reports data connector manually with Azure Functions (Deployment via Visual Studio Code).

NOTE: You will need to prepare VS Code for Azure function development.

Download the Azure Function App file. Extract archive to your local development computer.
Choose File in the main menu and select Open Folder.
Select the top level folder from extracted files.
Choose the Azure icon in the Activity bar, then in the Azure: Functions area, choose the Deploy to function app button. If you aren't already signed in, choose the Azure icon in the Activity bar, then in the Azure: Functions area, choose Sign in to Azure. If you're already signed in, go to the next step.
Provide the following information at the prompts:
a. Select folder: Choose a folder from your workspace or browse to one that contains your function app.
b. Select Subscription: Choose the subscription to use.
c. Select Create new Function App in Azure (Don't choose the Advanced option)
d. Enter a globally unique name for the function app: Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions.
For better performance and lower costs choose the same region where Microsoft Sentinel is located.
Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.
Go to Azure Portal for the Function App configuration.
In the Function App, select the Function App Name and select Configuration.
In the Application settings tab, select New application setting.
Add each of the following application settings individually, with their respective string values (case-sensitive):
Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: