# Microsoft Sentinel Integration

#### Step 1 - Creating a webhook for Microsoft Sentinel

* Visit the **Webhooks** page in AIR,
* Click the "**+ New Webhook**" button in the upper right corner,
* Provide a self-explanatory name,
* Select "**Microsoft Sentinel: Generic Sentinel Webhook Parser**" as the parser for this webhook,
* Select an **Acquisition Profile** to use when the trigger activates this webhook,
* Select the **Ignore** option or leave it at its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
* Provide other settings such as **Evidence Repository**, **CPU Limit**, and **Compression & Encryption**, or let AIR configure them automatically based on the matching policy,
* Click the "**Save**" button

#### Step 2

* Sign in to the [Azure portal](https://portal.azure.com/). Open your related logic app in Logic App Designer.
* Under the designer's search box, select **Built-in**. In the search box, enter `http web hook` as a filter. From the **Triggers** list, select the **HTTP Webhook** trigger.
* Fill in the fields accordingly:
  * Subscribe Method: **POST**
  * Subscribe URI: **Webhook URL**
  * Subscribe body: **Extended properties**

For more information, please refer to the [**Microsoft Documentation**](https://learn.microsoft.com/en-us/azure/connectors/connectors-native-http).

