# Azure Sentinel

This integration fetches Incident and associated Alert data from Azure Sentinel into BluSapphire.

### Overview

1. **Centralized Console:** Azure Sentinel serves as a unified control center for security log management. It consolidates information from multiple sources, giving security teams a single platform to monitor and respond to potential threats, so they do not need to move between interfaces during an investigation.
2. **Alert Generation:** By analyzing events from a wide range of IT devices, including network components and security infrastructure, Sentinel's Security Information and Event Management (SIEM) capabilities identify suspicious activity and trigger alerts.
3. **BluSapphire Integration:** The integration between Azure Sentinel and the BluSapphire platform extends the incident monitoring process. Alerts generated in Sentinel, together with their associated incident data, are transmitted to BluSapphire for ongoing tracking and analysis, giving a continuous security monitoring process. Only the incident and alert records are transferred, not the raw logs, so the insights from Sentinel's analysis remain available for further evaluation and response in BluSapphire without duplicating log data.

**Requirements to fetch Alert & Incident data from customer:**

<figure><img src="/files/PVKCu3APaGrSuN00X3XW" alt=""><figcaption></figcaption></figure>

To obtain the information listed above, follow these steps.

1. **Login:** Log in to the Azure portal with an account that can view the Sentinel resources.
2. **Search:** Once logged in, use the search bar at the top of the portal.

In the search bar, look up the Resource Group created for the Sentinel deployment. Once found, note its name.

Refer to the screenshot below.

<figure><img src="/files/GZBKsshODbb8j1M4C8b4" alt=""><figcaption></figcaption></figure>

Next, search for Subscriptions and note the Subscription ID of the subscription that holds the Sentinel deployment.

Refer to the screenshot below.

<figure><img src="/files/Qi0QmX0EvGqXg9UXenqs" alt=""><figcaption></figcaption></figure>

Then search for Log Analytics workspaces and note the name of the workspace on which Sentinel is enabled.

Refer to the screenshot below.

<figure><img src="/files/JZbH7NqfHSerdC0Z9nWv" alt=""><figcaption></figcaption></figure>

**Execute Azure Authentication**&#x20;

<figure><img src="/files/6C9wQmncDZ3zguHFa4ED" alt=""><figcaption></figcaption></figure>

Authenticate the system by following the steps shown above.

Afterwards, the customer shares the 'Resource Group', 'Subscription ID' and 'Workspace Name' with the BluSapphire deployment engineering team. These three values identify the workspace in every Security Insights REST API call that BluSapphire makes to list incidents.

For further details on the underlying API (if necessary), the customer may refer to the following URL:

{% embed url="https://learn.microsoft.com/en-us/rest/api/securityinsights/stable/incidents/list?tabs=HTTP#uri-parameters" %}
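To show what the deployment team does with the three values collected above, here is an added example, written for this page and not part of BluSapphire's own code, that lists incidents and their alerts through the Security Insights REST API linked above, following `nextLink` paging and using the `$filter`/`$top`/`$orderby` parameters the linked reference documents. The `api-version`, the placeholder Subscription ID, Resource Group and Workspace Name, the bearer token and the constructed responses used in the offline demo are all assumptions; the alerts call being a `POST` on `.../incidents/{incidentId}/alerts` follows the Microsoft reference for Incidents - List Alerts.

```python
"""Pull Azure Sentinel incidents and their alerts through the Security Insights REST API.

Added example (not BluSapphire's own code). Assumptions are flagged in comments:
the api-version, the placeholder IDs, and the constructed responses used for the offline demo.
"""
import json
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2023-02-01"  # assumed stable api-version; confirm against the Microsoft reference


def workspace_path(subscription_id, resource_group, workspace):
    """Resource path shared by every Security Insights call for one workspace."""
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
            f"/providers/Microsoft.SecurityInsights")


def incidents_url(subscription_id, resource_group, workspace, since_iso=None, top=50):
    """Incidents - List URL with paging and an optional OData filter on lastModifiedTimeUtc."""
    params = {
        "api-version": API_VERSION,
        "$top": str(top),
        "$orderby": "properties/lastModifiedTimeUtc asc",
    }
    if since_iso:
        # Incremental fetch: only incidents modified at or after the last checkpoint.
        params["$filter"] = f"properties/lastModifiedTimeUtc ge {since_iso}"
    path = workspace_path(subscription_id, resource_group, workspace)
    return f"{ARM}{path}/incidents?{urllib.parse.urlencode(params)}"


def alerts_url(subscription_id, resource_group, workspace, incident_id):
    """Incidents - List Alerts URL (this operation is a POST with an empty body)."""
    path = workspace_path(subscription_id, resource_group, workspace)
    return f"{ARM}{path}/incidents/{incident_id}/alerts?api-version={API_VERSION}"


def http_json(url, token, method="GET"):
    """Call ARM with a bearer token and decode the JSON body."""
    req = urllib.request.Request(
        url, method=method,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_incidents_with_alerts(subscription_id, resource_group, workspace, token,
                                since_iso=None, fetch=http_json):
    """Walk every page of incidents and attach each incident's alerts."""
    results = []
    url = incidents_url(subscription_id, resource_group, workspace, since_iso)
    while url:
        page = fetch(url, token)
        for incident in page.get("value", []):
            alerts = fetch(alerts_url(subscription_id, resource_group, workspace,
                                      incident["name"]), token, method="POST")
            results.append({"incident": incident, "alerts": alerts.get("value", [])})
        url = page.get("nextLink")  # absolute URL of the next page, absent on the last page
    return results


# ---- Offline demo with constructed responses (placeholder values, not real tenant data) ----
SUB = "00000000-0000-0000-0000-000000000000"   # placeholder Subscription ID
RG = "rg-sentinel"                               # placeholder Resource Group
WS = "law-sentinel"                              # placeholder Workspace Name


def _constructed_fetch(url, token, method="GET"):
    """Stand-in for http_json: two incident pages and one alert per incident."""
    if method == "POST":
        return {"value": [{"name": "alert-1", "properties": {"severity": "High"}}]}
    if "skiptoken=page2" in url:
        return {"value": [{"name": "inc-2", "properties": {"title": "Second"}}]}
    return {"value": [{"name": "inc-1", "properties": {"title": "First"}}],
            "nextLink": url + "&%24skiptoken=page2"}


def demo():
    """Run the fetch loop against the constructed responses."""
    return fetch_incidents_with_alerts(SUB, RG, WS, "dummy-token",
                                       since_iso="2024-01-01T00:00:00Z",
                                       fetch=_constructed_fetch)


if __name__ == "__main__":
    for item in demo():
        print(item["incident"]["name"], "->", [a["name"] for a in item["alerts"]])
```

Against a real tenant, replace `_constructed_fetch` with the default `http_json` and pass a token obtained for the ARM audience, for example from `az account get-access-token --resource https://management.azure.com` after the authentication step above. Give the identity used for polling only the built-in Microsoft Sentinel Reader role scoped to the workspace or its resource group, keep the token out of source control, and persist the last `lastModifiedTimeUtc` seen so each run passes it as `since_iso` instead of re-reading every incident.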
