Microsoft Sentinel Out-of-the-Box SecOps Integration

Microsoft Sentinel Out-of-the-Box SecOps Integration

Requirements

  • An active Azure subscription to enable Azure Monitor services
  • An active Lumu Insights or Lumu Defender subscription

Add Integration

Warning
If you operate a multi-tenant organization in Microsoft Entra ID, you must create an admin user on the tenant you want to integrate into Lumu before proceeding. This will be the user the integration will be configured for. Please, refer to the Multitenant organization capabilities in Microsoft Entra ID from Microsoft for more details.

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen. Click on the SecOps tab. 

2. Locate the MS Sentinel integration in the available apps area and click Add.

3. Review the detailed description provided for the app to familiarize yourself with the integration and click Activate to begin the activation process.

4. Carefully read the instructions provided. Once ready, click on Activate. You will be redirected to Microsoft to complete the integration activation.

5. The Microsoft sign-in page will appear as shown below

Notes
Make sure to log in with an administrator account, as only an administrator can grant the required permissions on behalf of your organization.

6. After successfully authenticating your account, a window listing the permissions needed will open. It's crucial to check the box labeled Consent on behalf of your organization to proceed. Click on Accept


7. Select the subscription for the integration. Remember that you need an active subscription that supports Azure Monitor services, specifically the Logs Ingestion API, and with an associated Log Analytics workspace. After selecting the subscription click on Next.

8. Provide a description for the integration, choose the workspace where the logs will be ingested, and specify a table name. Lumu provides a suggested name for the table, but you can name it as you prefer.

9. For the next step, choose the Lumu events you want to send to Microsoft Sentinel. Note that the 'New Incident Created' event is always selected and sent. Once you have selected the events, click on Activate.

10. Wait for Lumu to set up the collection mechanism.

11. Once it’s finished you can click Close

12. Your integration will be created with the subscription, workspace, table name, and selected events.


Notes
If the collection mechanism created by Lumu in Azure is deleted, the integration will break.

    Still can’t find an answer?
    Send a message to our experts.
    Contact Us

        • Related Articles

        • Microsoft Teams Out-of-the-Box SecOps Integration

          Requirements Microsoft Teams A Microsoft Teams Essentials subscription or above An Active Lumu Insights or Lumu Defender subscription Incoming Webhooks connectors will be retired by Microsoft. We strongly advice to migrate to the Webhook model. You ...

        • Slack Out-of-the-Box SecOps Integration

          Requirements A Slack Free or above subscription An Active Lumu Insights or Lumu Defender subscription Configure Slack Incoming Webhook 1. Create a Slack app. In your Slack page, click on the three dots and select the “Automations” option. 2. Click on ...

        • Universal SIEM Out-of-the-Box SecOps Integration

          Universal SIEM is the recommended way to integrate SIEM solutions with Lumu. The Lumu Universal SIEM Out-of-the-Box integration allows you to centralize Lumu detections and operating events in your SIEM deployment. With this information in your SIEM, ...

        • Datto Autotask Out-of-the-box SecOps Integration

          Requirements An Autotask PSA Essentials or above subscription An Active Lumu Insights or Lumu Defender subscription Configure Autotask To setup the integration, you will need to create an API username/password in Autotask to give Lumu access and the ...

        • HaloPSA Out-of-the-Box SecOps Integration

          Requirements A HaloPSA subscription An Active Lumu Insights or Lumu Defender subscription Configure HaloPSA To set up the integration, you will need to create a pair of API credentials in HaloPSA to give Lumu access and the following data: Data ...