Azure Sentinel

This article describes how to set up and use Azure Sentinel. Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that integrates with IONIX’s attack surface management platform.

Setting Up A Log Analytics Workspace

1. Open the Azure portal and select Azure Sentinel.

2. Select +Add.

3. Select Create a new workspace.

4. Fill in the required information and create the workspace.

Linking The Log Analytics Workspace To Azure Sentinel

1. Open the Azure portal and select Azure Sentinel.

2. Select +Add.

3. Select the Log Analytics workspace that you’ve just created or an existing one you’d like to utilize.

Finding Your Log Analytics Workspace ID And Primary Key

1. Go to the IONIX connector page.

2. Copy the Workspace ID as well as the Primary key.

3. Select the Log Analytics workspace that you’ve just created or an existing one you’d like to utilize.

Configuring The Integration At The IONIX Platform

1. Log in to the IONIX platform and navigate to Settings -> Integrations.

2. Fill in the values copied in the previous steps (primary key & workspace ID).

Handling possible error codes

| Status | Required Action |
| --- | --- |
| Success | None. |
| INACTIVE_CUSTOMER | The workspace has been deactivated. |
| INVALID_CUSTOMER_ID | Please make sure you entered the correct workspace ID. |
| INVALID_AUTHORIZATION | The service failed to authenticate the request. Verify that the workspace ID and shared key are valid. |
| AZURE_CONNECTION_ERROR | Could not connect to a specific workspace API. This could be because the workspace API is incorrect. |
| AZURE_SERVER_ERROR | Azure API returned a server error (5XX). Try again later or contact IONIX support if the issue persists. |
| UNKNOWN_ERROR | Contact IONIX support for assistance. |
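
The INVALID_CUSTOMER_ID and INVALID_AUTHORIZATION rows both come down to the two values copied earlier. The following is an added example, not IONIX or Microsoft code: it checks that a workspace ID and primary key are well-formed before they are pasted into the integration, and shows how the pair is combined into a SharedKey signature. It assumes the integration sends data through the Azure Monitor HTTP Data Collector API, which this page does not state; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import uuid
from email.utils import formatdate

# Constructed sample values, not real credentials.
SAMPLE_WORKSPACE_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_KEY = base64.b64encode(b"constructed-sample-key-not-a-real-secret").decode()


def preflight(workspace_id, primary_key):
    """Return a list of problems with the copied values (empty list means OK)."""
    problems = []
    try:
        # Workspace IDs are GUIDs; a truncated paste or stray whitespace fails here.
        if str(uuid.UUID(workspace_id)) != workspace_id.lower():
            problems.append("workspace ID is not in canonical GUID form")
    except ValueError:
        problems.append("workspace ID is not a GUID")
    try:
        # The primary key is base64; validate=True rejects stray characters.
        if not base64.b64decode(primary_key, validate=True):
            problems.append("primary key is empty")
    except ValueError:
        problems.append("primary key is not valid base64")
    return problems


def shared_key_header(workspace_id, primary_key, body, date):
    """Build the Authorization header for the Data Collector API (assumed API)."""
    string_to_sign = (
        f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    )
    digest = hmac.new(
        base64.b64decode(primary_key), string_to_sign.encode("utf-8"), hashlib.sha256
    ).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    print(preflight(SAMPLE_WORKSPACE_ID, SAMPLE_KEY) or "values look well-formed")
    date = formatdate(usegmt=True)  # RFC 1123 date, also sent as x-ms-date
    print(shared_key_header(SAMPLE_WORKSPACE_ID, SAMPLE_KEY, b'[{"event":"test"}]', date))
```

A key that passes the format check but does not belong to the workspace still produces a well-formed header; only the service can reject it, which is the INVALID_AUTHORIZATION case in the table.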