I am learning to build Logic Apps working with Sentinel inc

Question

HelloI am learning to build Logic Apps. The tasks will mainly involve querying Log Analytics and writing comments in incidents. How can I do this securely?I understand that I need to add the Sentinel Contributor role for the Logic App, but what next? If I need the Logic App to be able to query, do I need to give it additional access, such as Log Analytics Contributor or Reader?&nbsp;When I want to create a connection,&nbsp;I have three options:&nbsp;OAuth - I see that I log in with my account, and then the Logic App has access to what I have access to. Is this secure?&nbsp;&nbsp;Service Principal - I need to register an application and create a secret for it, then grant this application access to Sentinel. Can I use a single Service Principal for all Logic Apps? I understand that secrets need to be rotated – does this affect my Logic Apps? Will I need to update something to ensure everything works properly?&nbsp;Managed Identity - This only works within the specific Logic App? This seems like the best solution, but I managed to add a new Managed Identity to query Log Analytics, and in the next step, I wanted it to add tasks to an incident in Sentinel, and unfortunately, it didn't work. (However, I changed the last step and added it via OAuth, and it worked, allowing the Logic App to add tasks to the incident in Sentinel.)&nbsp;&nbsp;&nbsp;this is one of example i am working on.&nbsp;&nbsp;https://github.com/Azure/Azure-Sentinel/blob/master/Playbooks/Get-SOCTasks/readme.mdadding role assignment&nbsp;&nbsp;&nbsp;I would be great if you can share your experiences! thank you&nbsp;

keyindex99 · Answer

anyone? 🙂

Forum Discussion

I am learning to build Logic Apps working with Sentinel inc

Share

Resources