Microsoft Sentinel Out-of-the-Box SecOps Integration

Requirements

  • An active Azure subscription with Azure Monitor services enabled and a Log Analytics workspace where the events will be ingested
  • An active Lumu Insights or Lumu Defender subscription

Add Integration

If you operate a multi-tenant organization in Microsoft Entra ID, you must create an admin user on the tenant you want to integrate with Lumu before proceeding. The integration will be configured for this user. Refer to Microsoft's documentation on multitenant organization capabilities in Microsoft Entra ID for more details.

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen. Click on the SecOps tab. 

2. Locate the MS Sentinel integration in the available apps area and click Add.

3. Review the detailed description provided for the app to familiarize yourself with the integration and click Activate to begin the activation process.

4. Carefully read the instructions provided. Once ready, click on Activate. You will be redirected to Microsoft to complete the integration activation.

5. The Microsoft sign-in page will appear.

Make sure to log in with an administrator account, as only an administrator can grant the required permissions on behalf of your organization.

6. After successfully authenticating your account, a window listing the permissions needed will open. It's crucial to check the box labeled Consent on behalf of your organization to proceed. Click on Accept.

7. Select the subscription for the integration. Remember that you need an active subscription that supports Azure Monitor services, specifically the Logs Ingestion API, and with an associated Log Analytics workspace. After selecting the subscription click on Next.

8. Provide a description for the integration, choose the workspace where the logs will be ingested, and specify a table name. Lumu provides a suggested name for the table, but you can name it as you prefer.

9. For the next step, choose the Lumu events you want to send to Microsoft Sentinel. Note that the 'New Incident Created' event is always selected and sent. Once you have selected the events, click on Activate.

10. Wait for Lumu to set up the collection mechanism.

11. Once it's finished, you can click Close.

12. Your integration will be created with the subscription, workspace, table name, and selected events.


If the collection mechanism created by Lumu in Azure is deleted, the integration will break.
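The quickest way to confirm that events are flowing into the workspace, and to notice when the collection mechanism has been removed or broken, is a KQL query over the custom table chosen in step 8. The query below is an added example, not part of Lumu's integration; it assumes the table was named Lumu_CL (custom tables fed through the Logs Ingestion API always carry the _CL suffix, but the exact name is whatever you typed in step 8) and relies only on the TimeGenerated column that every Log Analytics table has. Because the 'New Incident Created' event is always sent, a healthy integration should show recent rows here; the query returns a row only when no events have arrived within the chosen window, so it can be pasted directly into a scheduled analytics rule in Microsoft Sentinel.

```kusto
// Assumption: the custom table created in step 8 is named Lumu_CL.
// Replace it with the name you chose; the _CL suffix is mandatory for
// Logs Ingestion API custom tables.
let StaleAfter = 24h;          // tune to how often you expect Lumu events
let LookBack   = 7d;           // window used to count recent events
Lumu_CL
| where TimeGenerated > ago(LookBack)
// summarize without a 'by' clause still yields one row on an empty input
| summarize LastEvent = max(TimeGenerated), EventsInWindow = count()
| extend SilentFor = now() - LastEvent
// fire when the table has never received events in the window,
// or when the most recent event is older than StaleAfter
| where isnull(LastEvent) or SilentFor > StaleAfter
| project LastEvent, EventsInWindow, SilentFor,
          Status = iff(isnull(LastEvent),
                       "no Lumu events ingested in the look-back window",
                       "Lumu ingestion stalled")
```

Run it once right after step 12 to verify the first events have landed (it should return no rows once ingestion is healthy), then schedule it so that a deleted or misconfigured collection mechanism surfaces as an incident instead of going unnoticed.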
