Programmatic Deployment

bytemech

Hello,

I'm investigating automating an Azure Sentinel deployment; however, I can't see anything in the ARM reference for Azure Sentinel.

https://docs.microsoft.com/en-us/azure/templates/microsoft.security/allversions

Could you share how one might deploy & configure Azure Sentinel programmatically?

Cheers,

BG

4 Replies

@bytemech There is nothing available now (believe me, I have been bugging anyone I know to try to get some information on it) but I was told it would be coming soon. No firm date that I know of yet.

@bytemech

No planned date yet.

Hi,

How do you guys manage your configurations (Analytics rules, Playbook, Workbooks, Data Connectors)?

Do you keep a copy on a private DevOps project and deploy the configuration manually? (could be automated for the PlayBook...)
or just configure the solution without any copies in DevOps...

A solution could be https://github.com/wortell/AZSentinel.
This module allows us to create, remove, and update Sentinel rules :)
