Microsoft Azure Sentinel is a scalable, cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution. Azure Security Center (ASC) is a tool for improving insight into your security state, reducing the chance of attack, and responding to threats in a short time.
ASC performs security assessment of the infrastructure environment, and it assesses continuously. The tool is powerful and easy to use, and it supports the Azure IaaS and PaaS platforms. It provides a detailed prevention policy, detailed recommendations, and a list of alerts on resources. It can also integrate with Azure Sentinel.
ASC can handle Cloud Security Posture Management (CSPM). CSPM was defined in response to the growing need of organizations to correctly configure public cloud IaaS and PaaS services and address cloud risks. CSPM, as defined by Gartner, is a class of security tools whose use cases include compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization.
How do you integrate ASC with Azure Sentinel?
· Microsoft Azure subscription
· Log Analytics Workspace
· Azure Security Center
Integrate ASC with Azure Sentinel
· Log in to Azure
· Search for Azure Sentinel
· Create Azure Sentinel workspace blade
Search “Azure Sentinel”:
In “Azure Sentinel Workspaces”, add or select a workspace:
Select “Data Connectors” under Configuration and select “Azure Security Center”:
Select the “Subscription” you would like to monitor:
Once ASC and Azure Sentinel are configured and integrated, all security alerts triggered in Azure Security Center will also appear in Azure Sentinel.
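To confirm that alerts are flowing after the connector is enabled, a query like the following can be run in the Logs blade of the Sentinel workspace. This is an added example, not part of the original article; it assumes the connector writes to the SecurityAlert table and that ASC alerts carry the ProductName value "Azure Security Center".

```kusto
// Added example: verify that Azure Security Center alerts reach the workspace.
// Assumptions: alerts land in the SecurityAlert table and ASC alerts are
// tagged with ProductName "Azure Security Center".
SecurityAlert
| where TimeGenerated > ago(7d)
| where ProductName == "Azure Security Center"
// An alert can be written more than once as it is updated; keep the latest record.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
// Group by severity and alert name to see what has arrived and how recently.
| summarize Alerts = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by AlertSeverity, AlertName
| order by LastSeen desc
```

An empty result means either that ASC raised no alerts for the selected subscription in the last seven days or that the connector is not connected for that subscription.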