Microsoft Sentinel Integration
With Azure Logic Apps and the built-in HTTP trigger or action, users can create automated tasks and workflows that send outbound requests to Binalyze AIR.
- Visit the Webhooks page in Binalyze AIR,
- Click the "+ New Webhook" button in the upper right corner,
- Provide a self-explanatory name,
- Select "Microsoft Sentinel: Generic Sentinel Webhook Parser" as the parser for this webhook,
- Select the Acquisition Profile that AIR should run when this webhook is triggered,
- Set the Ignore window or keep its default (24 hours: repeated alerts for the same endpoint within this window do not start a new acquisition),
- Provide other settings such as Evidence Repository, CPU Limit, and Compression & Encryption, or let AIR configure them automatically from the matching policy,
- Click the "Save" button
- In the Azure Logic Apps designer, under the search box, select Built-in. In the search box, enter http webhook as a filter. From the Triggers list, select HTTP Webhook.
- Fill in the trigger's fields as follows:
- Subscribe Method: POST
- Subscribe URI: the Webhook URL shown in AIR for the webhook you created above
- Subscribe body: the alert's Extended properties.
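To check the webhook end to end before wiring it into a production playbook, it helps to post a Sentinel-shaped alert to the AIR webhook URL by hand. The script below is an added example, not code from Binalyze or the AIR documentation. The webhook URL is a placeholder, and the payload keys (AlertName, Severity, ExtendedProperties, HostName, IpAddress) are assumptions modelled on Sentinel alert columns; adjust them to match what the Generic Sentinel Webhook Parser expects in your tenant.

```python
"""Post a constructed Sentinel-style alert to a Binalyze AIR webhook.

Added example for testing the webhook set up above. The URL and the
payload field names are assumptions, not values taken from the page.
"""
import json
import urllib.error
import urllib.request

# Placeholder: replace with the Webhook URL AIR shows after you save the webhook.
AIR_WEBHOOK_URL = "https://air.example.invalid/api/webhook/placeholder"


def build_alert_body(hostname, alert_name, severity="High", ip=None):
    """Return a minimal alert body shaped like a Sentinel alert.

    ExtendedProperties carries the endpoint identifiers the AIR parser uses
    to pick the target endpoint; the exact key names are assumptions.
    """
    extended = {"HostName": hostname}
    if ip:
        extended["IpAddress"] = ip
    return {
        "AlertName": alert_name,
        "Severity": severity,
        "ExtendedProperties": extended,
    }


def encode_request(webhook_url, body):
    """Build the POST request AIR will receive (JSON body, JSON content type)."""
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(
        webhook_url,
        data=data,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def post_to_air(webhook_url, body, timeout=10):
    """Send the alert and return (HTTP status, response text).

    HTTP errors are returned rather than raised so a 4xx from the parser
    (for example a body it cannot match to an endpoint) is visible to the caller.
    """
    req = encode_request(webhook_url, body)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed test alert; the hostname must match an endpoint enrolled in AIR.
    alert = build_alert_body("ws-01", "Test alert from Logic Apps", ip="10.0.0.15")
    status, text = post_to_air(AIR_WEBHOOK_URL, alert)
    print(status, text)
```

Run it once and confirm that AIR starts an acquisition for the named endpoint with the profile selected in the webhook. Running it a second time for the same hostname inside the Ignore window should start nothing, which is a quick way to confirm that setting behaves as intended.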