
Hyacienth Ugochukwu

How To Create A Microsoft Sentinel Environment

What is A Microsoft Sentinel Environment?

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) platform that also delivers security orchestration, automation, and response (SOAR). It uses built-in AI to analyze large volumes of data across an enterprise quickly, and it provides cyberthreat detection, investigation, response, and proactive hunting with a bird's-eye view across your enterprise.
Microsoft Sentinel natively incorporates proven Azure services, such as Log Analytics and Logic Apps, and enriches your investigation and detection with AI. It uses Microsoft's threat intelligence stream and also lets you bring your own threat intelligence.
There are multiple ways to configure your Sentinel environment, but I will show you how to create yours by assigning roles and specifying the number of days the data should be retained.

Task 1 - Create a Log Analytics workspace
Create a Log Analytics workspace, including a region option.

  1. In the Azure portal, search for and select Microsoft Sentinel.
  2. Select + Create.
  3. Select Create a new workspace.
  4. Select Create new and add a Resource Group.
  5. Enter a valid name for the Log Analytics workspace.
  6. Select any region of your choice for the workspace.
  7. Select Review + Create to validate the new workspace.
  8. Select Create to deploy the workspace.

Task 2 - Deploy Microsoft Sentinel to a workspace
Deploy Microsoft Sentinel to the workspace.

  1. When the workspace deployment completes, select Refresh to display the new workspace.
  2. Select the workspace you want to add Sentinel to (created in Task 1).
  3. Select Add.

Task 3 - Assign a Microsoft Sentinel role to a user
Assign a Microsoft Sentinel role to a user.

  1. Go to the Resource group.
  2. Select Access Control (IAM).
  3. Select Add and Add role assignment.
  4. In the search bar, search for and select the Microsoft Sentinel Contributor role.
  5. Select Next.
  6. Select the option User, group, or service principal.
  7. Select + Select members.
  8. Search for the user you want to assign.
  9. Select the user icon.
  10. Select Select.
  11. Select Review + assign.
  12. Select Review + assign again to complete the assignment.

Task 4 - Configure data retention
Configure data retention.

  1. Go to the Log Analytics workspace created in Task 1 step 5.
  2. Select Usage and estimated costs.
  3. Select Data retention.
  4. Change data retention period to 180 days.
  5. Select OK.
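The four tasks above, scripted with the Azure CLI as an added example that is not part of the original post. The resource group, workspace, user and subscription id are constructed placeholders, and the Sentinel onboarding step assumes the `sentinel` CLI extension is installed.

```shell
#!/bin/sh
# Added example, not from the original post: Tasks 1-4 as one Azure CLI script.
# Names and the user are constructed placeholders; the onboarding command
# assumes the "sentinel" CLI extension (az extension add --name sentinel).
# Dry run by default: commands are only printed. Set APPLY=1 to execute them.
set -eu

RG="${RG:-rg-sentinel-demo}"                       # Task 1 step 4 (placeholder)
WS="${WS:-law-sentinel-demo}"                      # Task 1 step 5 (placeholder)
LOCATION="${LOCATION:-eastus}"                     # Task 1 step 6
USER_UPN="${USER_UPN:-analyst@example.com}"        # Task 3 step 8 (placeholder)
RETENTION_DAYS="${RETENTION_DAYS:-180}"            # Task 4 step 4
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-<subscription-id>}"  # looked up when APPLY=1

# Log Analytics accepts an interactive retention of 30..730 days. Checking it
# before calling Azure stops a typo from silently shortening the audit trail.
validate_retention() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 30 ] && [ "$1" -le 730 ]
}

# Role scope is the resource group (Task 3 step 1), not the subscription, so
# the analyst gets Sentinel Contributor only where Sentinel lives.
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Print every command; execute it only when APPLY=1.
run() {
  printf '+ %s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

deploy() {
  validate_retention "$RETENTION_DAYS" || { echo "retention must be 30-730 days" >&2; return 1; }
  if [ "${APPLY:-0}" = "1" ]; then SUBSCRIPTION_ID="$(az account show --query id -o tsv)"; fi
  # Task 1: resource group and Log Analytics workspace
  run az group create --name "$RG" --location "$LOCATION"
  run az monitor log-analytics workspace create --resource-group "$RG" \
      --workspace-name "$WS" --location "$LOCATION"
  # Task 2: onboard Sentinel onto that workspace (extension command, see header)
  run az sentinel onboarding-state create --name default \
      --resource-group "$RG" --workspace-name "$WS"
  # Task 3: assign the built-in role to the user, scoped to the resource group
  run az role assignment create --assignee "$USER_UPN" \
      --role "Microsoft Sentinel Contributor" --scope "$(rg_scope "$SUBSCRIPTION_ID" "$RG")"
  # Task 4: set retention to 180 days on the workspace
  run az monitor log-analytics workspace update --resource-group "$RG" \
      --workspace-name "$WS" --retention-time "$RETENTION_DAYS"
}
deploy
```

Run it once without `APPLY` to review the exact commands, then with `APPLY=1` after `az login` to apply them.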
