Microsoft Sentinel Integration

With Azure Logic Apps and the built-in HTTP trigger or action, users can create automated tasks and workflows that send outbound requests to Binalyze AIR.

Step 1 - Creating A webhook for Microsoft Sentinel

  • Visit the Webhooks page in Binalyze AIR,
  • Click the "+ New Webhook" button in the upper right corner,
  • Provide a self-explanatory name,
  • Select "Microsoft Sentinel: Generic Sentinel Webhook Parser" as the parser for this webhook,
  • Select an Acquisition Profile when the trigger activates this webhook,
  • Select the Ignore option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
  • Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let AIR configure them automatically based on the matching policy
  • Click the "Save" button
Step 2:
  • Sign in to the Azure portal. Open your related logic app in Logic App Designer.
  • Under the designer's search box, select Built-in. In the search box, enter http web hook as a filter. From the Triggers list, select the HTTP Webhook.
  • Fill in the box accordingly:
    • Subscribe Method: POST
    • Subscribe URI: Webhook URL
    • Subscribe body: Extended properties.
For more information, please refer to Microsoft Documentation.