Blog Post

Microsoft Security Community Blog
2 MIN READ

Microsoft Sentinel now integrates with Azure Purview

lisabarson's avatar
lisabarson
Icon for Microsoft rankMicrosoft
Feb 28, 2022

We are happy to announce that Microsoft Sentinel now integrates with Azure Purview through a new solution available in public preview. You can now see the classification and labeling insights from Azure Purview scans to enrich the security experience within Microsoft Sentinel.  The Azure Purview solution also includes a customizable workbook template and analytical rules which allow you to visualize your data and receive alerts if the sensitivity of the data stored within your data estate changes.

 

Microsoft Sentinel already collects data at cloud scale, across all users, devices, applications, and infrastructure - on-premises and in multiclouds. With the new Azure Purview solution, you can now combine data sensitivity insights from Azure Purview with data from other Microsoft Sentinel solutions.

 

Azure Purview and Microsoft Sentinel Integration steps  

 

Azure Purview Solution 

The solution within Microsoft Sentinel provides the ability to onboard all the content for Azure Purview using a single process.   

 

Data Connector  

Once the solution is enabled, the steps outlined in the data connector show how to set up the diagnostic settings to allow the logs from Azure Purview to flow into Microsoft Sentinel.  

 

 

Workbook 

The workbook visualizes the data that is being ingested into Microsoft Sentinel and features insights on the location of resources, classifications found, and more. The workbook is fully customizable and can be changed to best suit the needs of your organization.  

 

 

Analytical Rules  

Analytical rules create alerts and incidents within Microsoft Sentinel. As part of the Azure Purview solution, analytical rule templates are provided to create an alert when new classifications on a resource have been found during an Azure Purview scan within the last 24 hours. The analytical rules enable you to stay informed on the latest changes occurring within your data.  

 

 

Get started today 

Updated Mar 11, 2022
Version 2.0
azure
cloud security
microsoft sentinel
security

5 Comments

Sort By
  • GrcAA's avatar
    GrcAA
    Copper Contributor
    Jul 06, 2022

    In case  someone is still looking, you can find this under Content Hub and not Data Connectors.

     

  • mykhan's avatar
    mykhan
    Copper Contributor
    Apr 13, 2022

    Thanks for your response. I will wait for your email.

  • mykhan's avatar
    mykhan
    Copper Contributor
    Apr 13, 2022

    Hello lisabarson,

     

    We have deployed the Azure Purview data connector on the Azure Sentinel. However, we couldn't find the Sentinel Subscription and 'log destination workspace' under the Azure Purview Resource. We could only find the resource groups that are created on the azure Purview. Can you please assist.

     

    Inside your Azure Purview resource:

    1. Select Diagnostic Settings.
    2. Select + Add diagnostic setting.
    3. In the Diagnostic setting blade:
      • Select the Log Category as DataSensitivityLogEvent.
      • Select Send to Log Analytics.
      • Chose the log destination workspace. This should be the same workspace that is used by Azure Sentinel.
      • Click Save.