Forum Discussion
Dean_Gross
May 29, 2021
Silver Contributor
Creating Sentinel instances with code
I would like to use an infrastructure as code approach to create multiple Azure Sentinel instances consistently. Can anyone point me to some resources that would provide some recommendations about ho...
- May 30, 2021: Yes, check out these resources: https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/ba-p/1131928 and https://medium.com/threat-hunters-forge/azure-sentinel-to-go-b5f6848d3c61 or, if you prefer YouTube, https://www.youtube.com/watch?v=Iu-zLuC5izg and it appears there is a GitHub repo here to save you a lot of this work: https://github.com/javiersoriano/sentinelascode
Dean_Gross
May 30, 2021
Silver Contributor
How can we determine which connectors can be automatically configured?
Javier-Soriano
Microsoft
May 31, 2021
Our stable API has the list of things that can be deployed programmatically: https://docs.microsoft.com/en-us/rest/api/securityinsights/dataconnectors/createorupdate
There are other connectors outside of that list that are based on diagnostics settings or solutions on top of the Log Analytics workspace, which can also be enabled programmatically.
Regards