Microsoft Tech Community

Documenting tenant configuration


What are the options for documenting the configuration settings of a Sentinel environment, e.g., connectors that are enabled with their options, workbooks that are active, analytical rules that are enabled, etc.?

2 Replies
Bumping to try to get a response.

You will either need to use PowerShell or a Workbook for this, I'd imagine. Most settings are contained in their own API call, so you have to call multiple places. You could look to lift examples from Workspace Usage, as that has most things (but across multiple tabs).

`Get-AzSentinelDataConnector` is, I find, more useful than the API (as the API still only returns the 9 Microsoft connectors). So if you do that part in PS, you may as well do the rest? Or run the PS and create custom logs from that?
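
A sketch of the PowerShell route suggested in the reply above, added here as an example and not code from the thread: it writes a dated JSON snapshot of data connectors and analytics rules, one file per setting type. It assumes the Az.SecurityInsights module is installed; the resource group and workspace names are placeholders, the rule property names in the CSV step are assumptions about the returned objects, and workbooks are not covered.

```powershell
# Added example: snapshot Sentinel configuration to JSON for documentation.
# Resource group and workspace names below are placeholders; replace them.
param(
    [string]$ResourceGroupName = 'rg-sentinel-example',
    [string]$WorkspaceName     = 'law-sentinel-example',
    [string]$OutputPath        = (Join-Path $PWD ("sentinel-config-{0:yyyyMMdd}" -f (Get-Date)))
)

Import-Module Az.SecurityInsights -ErrorAction Stop
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

New-Item -ItemType Directory -Path $OutputPath -Force | Out-Null
$scope = @{ ResourceGroupName = $ResourceGroupName; WorkspaceName = $WorkspaceName }

# Each setting type sits behind its own call, so collect them one by one.
$sections = [ordered]@{
    DataConnectors = { Get-AzSentinelDataConnector @scope -ErrorAction Stop }
    AlertRules     = { Get-AzSentinelAlertRule @scope -ErrorAction Stop }
}

$collected = @{}
$summary = foreach ($name in $sections.Keys) {
    try {
        $items = @(& $sections[$name])
        $collected[$name] = $items
        # -InputObject keeps an empty or single-item result serialized as an array.
        ConvertTo-Json -InputObject $items -Depth 20 |
            Set-Content -Path (Join-Path $OutputPath "$name.json") -Encoding utf8
        [pscustomobject]@{ Section = $name; Count = $items.Count; Status = 'ok' }
    } catch {
        # Record the failure so a missing section is visible in the documentation.
        [pscustomobject]@{ Section = $name; Count = 0; Status = "failed: $($_.Exception.Message)" }
    }
}

# Flat, reviewable list of analytics rules. Property names are assumptions;
# Select-Object leaves a column empty if the object lacks that property.
if ($collected.ContainsKey('AlertRules')) {
    $collected['AlertRules'] |
        Select-Object Kind, DisplayName, Enabled, Severity, Name |
        Export-Csv -Path (Join-Path $OutputPath 'AlertRules.csv') -NoTypeInformation
}

$summary | Format-Table -AutoSize
```

Running it on a schedule and diffing the dated folders shows configuration drift between snapshots.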