New Blog Post | What's new: Azure Sentinel new onboarding/offboarding API

%3CLINGO-SUB%20id%3D%22lingo-sub-2653504%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20What's%20new%3A%20Azure%20Sentinel%20new%20onboarding%2Foffboarding%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2653504%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JasonCohen1892_0-1629137274643.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303575iB1BACF92497A11E6%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22JasonCohen1892_0-1629137274643.png%22%20alt%3D%22JasonCohen1892_0-1629137274643.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fwhat-s-new-azure-sentinel-new-onboarding-offboarding-api%2Fba-p%2F2640471%22%20target%3D%22_blank%22%3EWhat's%20new%3A%20Azure%20Sentinel%20new%20onboarding%2Foffboarding%20API%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Sentinel%20is%20a%E2%80%AFnested%20resource%20on%20top%20of%20a%20Log%20Analytics%20workspace%2C%20which%20introduces%20some%20complexity%20in%20managing%20the%20Azure%20Sentinel%20resource%20on%20its%20own.%20Up%20until%20now%2C%20onboarding%20to%20Azure%20Sentinel%20required%20performing%20multiple%20API%20calls%20to%20multiple%20endpoints.%20When%20done%20by%20the%20UI%20the%20complexity%20is%20hidden%20from%20end%20user%20but%20for%20API%20users%2C%20this%20created%20complexities.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3E%E2%80%AF%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3ETo%20overcome%20this%2C%20we%20introduce%20a%20dedicated%20endpoint%20called%20%E2%80%9COnboardingStates%E2%80%9D.%20This%20endpoint%20allows%20managing%20the%20Azure%20Sentinel%20instance%20seamlessly%20on%20a%20workspace%20through%20the%20API.%20The%20endpoint%20provides%20a%20single%20source%20of%20truth%20for%20performing%20the%20different%20operations%20required%20for%20a%20complete%20creation%2Fdeletion%20(aka%20onboarding%2Foffboarding)%20of%20Azure%20Sentinel%20on%20a%20workspace.%E2%80%AF%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3EOriginal%20Post%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fsecurity-compliance-and-identity%2Fnew-blog-post-what-s-new-azure-sentinel-new-onboarding%2Fm-p%2F2653502%23M6189%22%20target%3D%22_blank%22%3ENew%20Blog%20Post%20%7C%20What's%20new%3A%20Azure%20Sentinel%20new%20onboarding%2Foffboarding%20API%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

JasonCohen1892_0-1629137274643.png

What's new: Azure Sentinel new onboarding/offboarding API - Microsoft Tech Community

Azure Sentinel is a nested resource on top of a Log Analytics workspace, which introduces some complexity in managing the Azure Sentinel resource on its own. Up until now, onboarding to Azure Sentinel required performing multiple API calls to multiple endpoints. When done by the UI the complexity is hidden from end user but for API users, this created complexities.  

 

To overcome this, we introduce a dedicated endpoint called “OnboardingStates”. This endpoint allows managing the Azure Sentinel instance seamlessly on a workspace through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.  

 

Original Post: New Blog Post | What's new: Azure Sentinel new onboarding/offboarding API - Microsoft Tech Community

0 Replies