Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge
Find out how HCI cuts down virtualization costs and complexity

Integrate partners product in Azure Sentinel from the solution gallery

  • November 4, 2021
  • 5 min read
Romain Serre
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.

In May Microsoft announced Azure Sentinel Solutions in public preview. That feature is a gallery powered by Azure Marketplace where partners can publish packages to easily integrate a product to Azure Sentinel. A package contains basically data connectors, workbooks, queries, and analytics rules templates.

For administrators, it is easy to add value to Azure Sentinel from solution gallery. They just have to select the solution, click on create and follow the wizard. When the creation is finished, data connectors are added, and you just have to configure it.

Currently all packages provided in the solution gallery are free. But I’m sure when Azure Sentinel solution will be GA, some solutions won’t be free.

Overview of Azure Sentinel Solutions

To open Azure Sentinel Solutions, navigate to Solutions as in the following screenshot:

Azure Sentinel

As you can see in the below screenshot, there are several solutions already in the gallery (32 solutions announced by Microsoft).

Select the solution you want to open it.

Azure Sentinel Solutions

Once you have selected a solution, you are on a panel equivalent to what you find in the Azure Marketplace. You get information about the solution, the plans (pricing) and support information. To deploy this solution just click on create.

To deploy this solution just click on create

Deploy a solution

First select a resource group and a log analytics workspace.

Deploy a solution

The wizard informs you that a connector will be created and a custom log table will be created in Log Analytics workspace.

Data Connectors

Then specify configuration for workbooks such as the display name.

Workbooks

Next you get information about analytics rules template such as the name of rules and a description.

Information about analytics rules template

In the next pane, you get information about queries (name and description).

Get information about queries

To finish the creation wizard, just click on create.

To finish the creation wizard

Once the solution is deployed, you can open Azure Sentinel and Data connectors. Then look for the solution you just deployed, and you should find a related data connector.

Open Azure Sentinel and Data connectors

In Workbook you should also find related workbook.

Find related workbook

Conclusion

Microsoft has developed a marketplace for Azure Sentinel. It is a good thing because that means that we will have more integration with partner products. If partners want an integration with Azure Sentinel, they “just” have to create a package containing rules, workbook, queries, data connector and publish it to Azure Sentinel Solutions. It will simplify the management for administrators because currently the only way to integrate third party solutions wthout data connectors is Syslog (or CEF).

Related articles
How to use Azure Sentinel for Incident Response?
Microsoft Azure Sentinel Overview
Tags
Hey! Found Romain’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!