Search

Technology Integrations

Azure Sentinel
Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Azure Sentinel

How to Integrate Edgescan & Azure Sentinel.

Azure Sentinel Integration

This package contains three separate logic apps:

  • edgescan_vulnerabilities
  • edgescan_assets
  • edgescan_hosts

The end goal of this document is to set up Azure Sentinel logic apps that run daily and ingest records created in Edgescan over the past two days. The logic apps will scan the entries created within the last 7 days in the custom logs in Azure Sentinel for IDs duplicate IDs before adding a new entry to the corresponding log.

The logic app templates you will deploy, however, are created for the initial run, which is missing this duplicate checking logic and are instead geared to pull in all data. This documentation will walk you through executing this initial run and then walk you through the changes needed to achieve the end goal.

Entries will be stored in Azure Sentinel custom logs with the following table names:

  • edgescan_vulnerabilities_CL
  • edgescan_assets_CL
  • edgescan_hosts_CL

Viewing Custom Logs

  • From your home page, navigate to the Azure Sentinel service
  • There, select the workspace your deployed logic apps reference
  • There, click on Logs in the left-hand menu and expand Custom Logs

Azure Sentinel - Edgescan Integrations - Logs

edgescan_vulnerabilities

 Azure Sentinel - Edgescan Integrations - Deploy to AzureAzure Sentinel - Edgescan Integrations - Deploy to Azure

edgescan_assets

 Azure Sentinel - Edgescan Integrations - Deploy to AzureAzure Sentinel - Edgescan Integrations - Deploy to Azure

edgescan_hosts

 Azure Sentinel - Edgescan Integrations - Deploy to AzureAzure Sentinel - Edgescan Integrations - Deploy to Azure