Azure Sentinel

This article describes how to set up and use Azure Sentinel, a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that integrates with the Cyberpion platform.

Setting Up A Log Analytics Workspace

1. Open the Azure portal and select Azure Sentinel.

2. Select +Add.

3. Select Create a new workspace.

4. Fill in the required information and create the workspace.

Linking The Log Analytics Workspace To Azure Sentinel

1. Open the Azure portal and select Azure Sentinel.

2. Select +Add.

3. Select the Log Analytics Workspace that you’ve just created or an existing one you’d like to utilize.

Finding Your Log Analytics Workspace ID And Primary Key

1. Go to the Cyberpion connector page.

2. Copy the Workspace ID as well as the Primary key.

3. Select the Log Analytics Workspace that you’ve just created or an existing one you’d like to utilize.

Configuring The Integration At The Cyberpion Platform

1. Log in to the Cyberpion platform and navigate to Settings -> Integrations.

2. Fill in the values copied in the previous steps (primary key & workspace ID).

Handling possible error codes

| Status | Required Action |
| --- | --- |
| Success | None. |
| INACTIVE_CUSTOMER | The workspace has been deactivated. |
| INVALID_CUSTOMER_ID | Please make sure you entered the correct workspace ID. |
| INVALID_AUTHORIZATION | The service failed to authenticate the request. Verify that the workspace ID and shared key are valid. |
| AZURE_CONNECTION_ERROR | Could not connect to a specific workspace API. This could be because the workspace API is incorrect. |
| AZURE_SERVER_ERROR | Azure API returned a server error (5XX). Try again later or contact Cyberpion support if the issue persists. |
| UNKNOWN_ERROR | Contact Cyberpion support for assistance. |
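
To help tell INVALID_CUSTOMER_ID from INVALID_AUTHORIZATION before saving the integration, the following added example (not Cyberpion's code) checks the format of the two copied values and shows how a shared key signs a request. It assumes the integration writes through the Azure Monitor HTTP Data Collector API, which the page does not state; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import uuid


def check_credentials(workspace_id: str, primary_key: str) -> list:
    """Return format problems found locally; an empty list means both values look well-formed."""
    problems = []
    try:
        # Workspace IDs are GUIDs; stray whitespace or braces from copy/paste fail here.
        if str(uuid.UUID(workspace_id)) != workspace_id.lower():
            problems.append("workspace ID is not in canonical GUID form")
    except ValueError:
        problems.append("workspace ID is not a GUID")
    try:
        # The primary key is base64 text; validate=True rejects stray characters.
        if not base64.b64decode(primary_key, validate=True):
            problems.append("primary key is empty")
    except ValueError:
        problems.append("primary key is not valid base64")
    return problems


def build_signature(workspace_id: str, primary_key: str, date: str, content_length: int,
                    method: str = "POST", content_type: str = "application/json",
                    resource: str = "/api/logs") -> str:
    """Build the SharedKey Authorization header value (assumed Data Collector API scheme)."""
    string_to_sign = f"{method}\n{content_length}\n{content_type}\nx-ms-date:{date}\n{resource}"
    digest = hmac.new(base64.b64decode(primary_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    # The key never leaves the client; only the HMAC is sent. Keep the key out of logs.
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    wid = "11111111-2222-3333-4444-555555555555"
    key = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode()
    print(check_credentials(wid, key))
    print(check_credentials(wid + " ", key[:-3]))
    print(build_signature(wid, key, "Mon, 01 Jan 2024 00:00:00 GMT", 42))
```

A value that passes these checks can still be rejected by the service, for example when the key has been regenerated or belongs to a different workspace.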
