Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise — fast.

Creating a Microsoft Sentinel connection

Create the connection by using one of the following methods:

Using OAuth

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens, displaying icons of the available external service providers.
  2. Select the Microsoft Sentinel icon. A dialog box with the name of the connection and the connection methods appears.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Click Microsoft Sentinel to authenticate using OAuth.
  5. Sign in using your credentials.

Info: Need admin approval? Please refer to the Need Admin Approval guide.

Using App Registration

To create the connection you need:

  • A Client ID
  • A Client Secret
  • A Tenant ID

Obtaining the credentials

Creating the App

  1. Log in to the Azure portal.

  2. Go to the Microsoft Entra ID resource.

  3. In the left-hand menu, click App registrations.

  4. Create a new application registration or click on one of your existing applications.

  5. In the left-hand menu, click API permissions.

  6. Click Add a permission and select Microsoft Graph.

  7. Choose Application permissions and mark the permissions you wish to add.

To support all of Blink's actions, these are the required application permissions:

Required Permissions

  • SecurityActions.ReadWrite.All
  • SecurityAlert.ReadWrite.All
  • SecurityAnalyzedMessage.ReadWrite.All
  • SecurityEvents.ReadWrite.All
  • SecurityIncident.ReadWrite.All

  8. Click Add permissions to save the changes.

  9. Click Grant admin consent for <your tenant> on the API permissions page. Only admins can grant consent.

  10. Confirm that the added permissions are now verified.

  11. Navigate to Overview and copy your client ID and tenant ID.

Assign role to App

  1. In the Azure portal, search for and click Microsoft Sentinel.

  2. Select your account and click on Resource Group.

  3. Under the resource group, navigate to Access control (IAM).

  4. Navigate to Role Assignments, then click Add > Add role assignment.

  5. Under the Role tab, search for Sentinel roles and select the Microsoft Sentinel Contributor role.

  6. Navigate to the Members tab. Under Assign access to, select User, group, or service principal. Click + Select members and, in the right-side menu, select your app.

  7. Under Review + assign, check that your app is listed and click Review + assign.

  8. Go back to Access control (IAM) and verify that your app has been assigned the required role.

Create and copy a secret

  1. Go back to your app's Overview page and create a new client secret.

  2. Copy the secret value.
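
Before entering the credentials in Blink, you can check that admin consent produced exactly the permissions listed under Required Permissions. The following is an added example, not part of Blink's or Microsoft's documentation: it decodes an app-only Microsoft Graph access token (acquiring the token with the client ID, client secret and tenant ID is assumed to happen elsewhere) and compares its roles claim with that list. The function names, the sample tenant and client IDs, and the sample token are constructed for illustration, and the token signature is not verified, so the output is for inspection only.

```python
import base64
import json

# Application permissions this page lists as required for all Blink actions.
REQUIRED_ROLES = frozenset({
    "SecurityActions.ReadWrite.All",
    "SecurityAlert.ReadWrite.All",
    "SecurityAnalyzedMessage.ReadWrite.All",
    "SecurityEvents.ReadWrite.All",
    "SecurityIncident.ReadWrite.All",
})

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def read_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token: str, tenant_id: str, client_id: str) -> dict:
    claims = read_claims(token)
    granted = set(claims.get("roles", []))  # application permissions appear in "roles"
    app_id = claims.get("appid") or claims.get("azp")  # v1.0 vs v2.0 token format
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": app_id == client_id,
        "missing": sorted(REQUIRED_ROLES - granted),     # some Blink actions would fail
        "unexpected": sorted(granted - REQUIRED_ROLES),  # more access than this page asks for
    }

def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the example runs offline (assumption)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"

# Constructed sample values, not real tenant or application identifiers.
SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLIENT = "22222222-2222-2222-2222-222222222222"
SAMPLE_TOKEN = constructed_token({
    "tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
    "roles": sorted(REQUIRED_ROLES - {"SecurityIncident.ReadWrite.All"}) + ["Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

An empty "missing" list means every permission on this page was consented; anything under "unexpected" is access the app holds beyond that list and is worth reviewing.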

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens, displaying icons of the available external service providers.
  2. Select the Microsoft Entra ID icon. A dialog box with the name of the connection and the connection methods appears.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select App Registration as the method to create the connection.
  5. Fill in the parameters:
    • The client ID
    • The client secret
    • The tenant ID
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.
  8. Search for and click Microsoft Sentinel.

Interactive Tutorial Guides

You can also refer to the following tutorial guides for a more in-depth understanding of how to create a Microsoft Sentinel connection.