Dean_Gross, Silver Contributor, May 29, 2021
Creating Sentinel instances with code
I would like to use an infrastructure as code approach to create multiple Azure Sentinel instances consistently. Can anyone point me to some resources that would provide some recommendations about how this can be done?
8 Replies
- bertschronja, Copper Contributor: I am not sure which kind of IaC you are searching for, but Terraform each week releases resources for Sentinel 🙂
- Dean_Gross, Silver Contributor: Thanks for the comprehensive list of resources. Looks like I need to do some reading so that we can make some good decisions.
- GaryBushey, Bronze Contributor: Dean_Gross I would also add: https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Sentinel-All-In-One as it has 90% of what needs to be done already done. There is also a sub-folder, MSSPVersion, that sets up Azure Lighthouse as well.
- Dean_Gross, Silver Contributor: Thanks, obviously we already have some things 😀. I just want to become more knowledgeable about the options.
- Joe Stocker, Bronze Contributor: Yes, check out these resources: https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/ba-p/1131928 and https://medium.com/threat-hunters-forge/azure-sentinel-to-go-b5f6848d3c61 or if you prefer YouTube https://www.youtube.com/watch?v=Iu-zLuC5izg and it appears there is a GitHub repo here to save you a lot of this work: https://github.com/javiersoriano/sentinelascode