Microsoft Sentinel
About
Microsoft Sentinel delivers an intelligent, comprehensive SIEM solution for threat detection, investigation, response, and proactive hunting.
Available Integrations
| Product(s) | Supported Asset Type(s) | Integration Type |
|---|---|---|
| Microsoft Sentinel | Devices, Users | Inventory Sync |
Why You Should Integrate
Syncing asset data from Sevco to Microsoft Sentinel will allow you to combine Sevco Asset inventory with other sources of security information and event management (SIEM) and extended detection and response (XDR) to increase efficiency and effectiveness while securing your digital estate.
How Does the Integration Work
This integration allows you to sync asset data in Sevco to an Azure Log Analytics Workspace for use by Microsoft Sentinel. It provides the option to sync User and/or Device data.
- During configuration, you can choose to sync User and/or Device asset data.
- Once the integration is configured, it will sync all of the data associated with the asset type(s) you've selected to Microsoft Sentinel.
- After the initial setup, this integration will perform a differential sync every 24 hours.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
- Choose an Access Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas:
  - Workspace ID & Shared Key: This schema will retrieve computer objects using a Workspace ID and Shared Key.
- Configure the Access Schema
Workspace ID & Shared Key
| Field | Description | Example |
|---|---|---|
| Workspace ID* | The ID of the Log Analytics Workspace that the inventory will sync to. | bb9abeb0-77a5-42ee-947c-f7ba9c2a4287 |
| Shared Key* | The shared key for the Log Analytics Workspace that the inventory will sync to. | FFqBqfN/zb2FTr5LY6DPd1KztCvR0E5Q5A7r+uPcpdrRAK1HjBvloWxvT23OQdG94nrUfUyzRy8eFl40L9kXmw== |
- Add an Integration: Select the integration(s) you'd like to add. The following options are available:
  - Collect devices from Microsoft Sentinel
- Configure General Information (optional): You can use the following fields to provide additional information about your configuration.
| Field | Description | Example |
|---|---|---|
| Name (optional) | A uniquely identifying name for this configuration, to distinguish it from other similar configurations within the existing organization. | DMZ network |
| Contact Person (optional) | The name or email address of a contact associated with the integration. | Jane Doe |
| Link to Console (optional) | A link to the console of the product Sevco is integrating with, for quick reference and access when configuring or editing the integration. | www.product.com/devices |
- Activate Config: Select "Activate" to enable this configuration and begin pulling data.
External Documentation
Creating Credentials
See help content on locating required configuration options on Microsoft Learn.
Contact Us
If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, inventory-sync
Updated 7 months ago
