☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. Microsoft
  2. Configure SIEM Security Operations using Microsoft Sentinel
  3. Create and Manage Microsoft Sentinel Workspaces

Create a Microsoft Sentinel Workspace

Unit 3.

After designing the Workspace architecture, login to the Azure portal and search for "Sentinel", then select "Microsoft Sentinel". To enable Microsoft Sentinel, you need contributor permissions to the subscription in which the Microsoft Sentinel Workspace resides. To use Microsoft Sentinel, you need contributor or reader permissions to the resource group that the workspace belongs to.

Create and Configure a Log Analytics Workspace

The "Add Microsoft Sentinel to a Workspace" page will display a list of available Log Analytics workspaces which Microsoft Sentinel can be added to. To create a new workspace, choose "+ create a new workspace" button. This will begin the "Create Log Analytics Workspace" process.

The "Basics" tab includes the following:

  • Subscription : select the subscription.

  • Resource Group : select or create a resource group.

  • Name : name of the Log Analytics and Microsoft Sentinel Workspace.

  • Region : location where the log data is stored.

Add Microsoft Sentinel to the Workspace

After completing the previous steps, the "Add Microsoft Sentinel to Workspace" screen will appear. Now, wait for the newly created Log Analytics Workspace to appear and then select it and choose "Add". The new workspace is now the active screen, the Microsoft Sentinel navigation has four areas:

  • General

  • Threat Management

  • Content Management

  • Configuration

The "Overview" tab displays a standard dashboard of info about data, alerts and incidents.

Microsoft Defender for Cloud

When creating a Microsoft Sentinel Workspace, you cannot use the Default Microsoft Defender for Cloud Log Analytics Workspace, a new Log Analytics Workspace must be created and then updated with the Microsoft Defender for Cloud tier.

Last updated 10 months ago

💻
  • Create and Configure a Log Analytics Workspace
  • Add Microsoft Sentinel to the Workspace
  • Microsoft Defender for Cloud