Microsoft Sentinel Integration

Azure Logic Apps, with its built-in HTTP Webhook trigger or action, can run automated workflows that send outbound requests to Binalyze AIR. This lets a Microsoft Sentinel playbook hand an alert to AIR so that an acquisition is started on the affected endpoint without an analyst in the loop.

Step 1 - Creating a Webhook for Microsoft Sentinel

  • Visit the Webhooks page in Binalyze AIR.

  • Click the "+ New Webhook" button in the upper right corner.

  • Provide a self-explanatory name.

  • Select "Microsoft Sentinel: Generic Sentinel Webhook Parser" as the parser for this webhook.

  • Select the Acquisition Profile that AIR should run on the endpoint when this webhook is triggered.

  • Set the Ignore option or leave it at its default (24 hours): repeated alerts for the same endpoint inside this window are ignored, so a noisy rule does not queue the same acquisition over and over.

  • Provide the remaining settings (Evidence Repository, CPU Limit, Compression & Encryption), or let AIR fill them in automatically from the matching policy.

  • Click the "Save" button and copy the Webhook URL that AIR displays; you will need it in Step 2. Treat this URL as a secret: anyone who can reach it can start an acquisition with the profile selected above.

Step 2 - Adding the HTTP Webhook Trigger to the Logic App

  • Sign in to the Azure portal and open the logic app that serves as your Sentinel playbook in Logic App Designer.

  • Under the designer's search box, select Built-in. In the search box, enter "http webhook" as a filter. From the Triggers list, select HTTP Webhook.

  • Fill in the trigger's fields as follows:

    • Subscribe Method: POST

    • Subscribe URI: the Webhook URL copied from AIR in Step 1 (it must be an https:// URL; the Logic App will send the alert data to it in clear text otherwise)

    • Subscribe body: the alert's Extended properties (the dynamic content Sentinel passes to the playbook). This body is what the Generic Sentinel Webhook Parser selected in Step 1 consumes to decide which endpoint to acquire.
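Before enabling the playbook it is worth firing one synthetic request at the webhook by hand, so that a parser mismatch shows up in AIR's webhook log rather than in the middle of an incident. The script below is an added example written for this page, not Binalyze's or Microsoft's code. It sends the same kind of POST the HTTP Webhook trigger would send: method POST, JSON body made of the alert's extended properties. The property names in SAMPLE_EXTENDED_PROPERTIES are constructed for illustration and are not a documented Sentinel or AIR schema; replace them with whatever your analytics rule actually emits. The AIR_WEBHOOK_URL environment variable is likewise an assumption of this example.

```python
"""
Send a synthetic Sentinel-style "extended properties" payload to a Binalyze AIR
webhook URL to verify the Step 1 / Step 2 wiring before the playbook goes live.

Added example, not vendor code. The payload keys are CONSTRUCTED for
illustration and are not a documented AIR or Sentinel schema.
"""
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed sample of the "Extended properties" an analytics rule might
# attach to a Sentinel alert. Field names are an assumption of this example.
SAMPLE_EXTENDED_PROPERTIES = {
    "HostName": "ws-finance-07",
    "IPAddress": "10.20.30.44",
    "AlertName": "Suspicious PowerShell execution",
    "Severity": "High",
}


def webhook_url_ok(url: str) -> bool:
    """True only for an absolute https:// URL.

    The Webhook URL is effectively a bearer credential: anyone who can POST
    to it can start acquisitions with the profile chosen in Step 1. It must
    therefore only ever travel over TLS, and must not be logged or committed.
    """
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def build_request(url: str, extended_properties: dict) -> urllib.request.Request:
    """Build the POST the Logic App HTTP Webhook trigger would send:
    method POST, Content-Type application/json, body = extended properties."""
    if not webhook_url_ok(url):
        raise ValueError("AIR webhook URL must be an absolute https:// URL")
    body = json.dumps(extended_properties).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def decode_body(req: urllib.request.Request) -> dict:
    """Return the JSON body of a built request as a dict (used for checks)."""
    return json.loads(req.data)


def send(url: str, extended_properties: dict, timeout: float = 10.0) -> tuple:
    """Perform the POST and return (status_code, response_text).

    A non-2xx answer is returned rather than raised so the caller can print
    AIR's error message (e.g. a parser that could not find the endpoint).
    """
    req = build_request(url, extended_properties)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Read the secret URL from the environment rather than hard-coding it.
    target = os.environ.get("AIR_WEBHOOK_URL")
    if not target:
        raise SystemExit("set AIR_WEBHOOK_URL to the Webhook URL shown by AIR after saving")
    status, text = send(target, SAMPLE_EXTENDED_PROPERTIES)
    print(status, text[:500])
```

After running it, check the webhook's history in AIR: the request should appear there, and an acquisition with the selected profile should be queued for the endpoint named in the payload. If AIR accepts the request but starts nothing, the parser did not find an endpoint it recognizes in the body, which is the same failure you would otherwise see from the live playbook. Note that a second run within the Ignore window from Step 1 is expected to be dropped for that endpoint.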

For more information on the HTTP Webhook trigger and its settings, refer to the Microsoft documentation for Azure Logic Apps.
