Microsoft Sentinel gets data from apps and services by connecting to the service and receiving its events and logs. For this quickstart, install the data connector for Azure Activity to send data to Microsoft Sentinel.

In Microsoft Sentinel, choose Content hub, then locate and select, for example, the Azure Activity Directory.


Click Install/Update on the toolbar at the top of the page.


Verify the notification: Install Success.

 


Configure the data connector.

Choose Data connectors in Microsoft Sentinel.

Find and select the data connector for Azure Activity (as an example, Microsoft Entra ID).


 

Select Open connector page from the connector's information pane.


To configure the connector, review the setup instructions.

Go to the Azure Policy Assignment Wizard and select Launch.

 

On the Basics tab, under Scope, set the subscription and resource group that contain the activity to send to Microsoft Sentinel. For instance, choose the subscription that houses your Microsoft Sentinel instance.

Select the Parameters tab.

Set the Primary Log Analytics workspace. This should be the workspace where Microsoft Sentinel is installed.

Choose Review + Create and press Start.

Produce activity information.

Enabling a rule that is part of the Azure Activity solution for Microsoft Sentinel lets us produce some activity data. This step also shows how to manage content in the Content hub.

Choose Content hub from Microsoft Sentinel.

Locate and choose the Microsoft Entra ID.

Choose Manage from the pane on the right.


Locate and choose the template for the rules.


 

Choose Configuration.


After choosing a rule, create a rule.


On the General tab, make sure that Status is set to Enabled. Don't change the remaining default settings.

 

 

 

Accept the other tabs' default settings.


 

Choose Create from the Review and create tab.


Once done, we can see the result.

 

See the data that Microsoft Sentinel has ingested.

Choose Data connectors in Microsoft Sentinel.

Find and select the data connector for Azure Activity (as an example, Microsoft Entra ID).

Select Open connector page from the connector's information pane.

Check the data connector's current status. It should show as connected.

Choose Go to log analytics from the pane on the left above the chart.
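
Once Log Analytics opens, a query such as the following confirms that the connector is delivering events and shows whether the rule created earlier was recorded. This is an added example, not part of the original walkthrough; it uses the standard AzureActivity table, and the 24-hour window and the operation-name substring used to spot the rule change are assumptions.

```kusto
// Added example: check that Azure Activity events are arriving and
// look for the analytics-rule change made earlier in this walkthrough.
// Assumption: the connector was configured within the last 24 hours.
let lookback = 24h;
AzureActivity
| where TimeGenerated > ago(lookback)
// Assumption: creating or enabling a Sentinel rule is logged with an
// operation name containing this substring (contains is case-insensitive).
| extend IsRuleChange = OperationNameValue contains "securityinsights/alertrules"
| summarize
    Events      = count(),                  // total events per subscription and category
    RuleChanges = countif(IsRuleChange),    // rule create/update operations seen
    Callers     = make_set(Caller, 10),     // who performed the operations (capped at 10)
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
    by SubscriptionId, CategoryValue
// A large gap since the last event points to a stalled or misconfigured connector.
| extend MinutesSinceLast = datetime_diff("minute", now(), LastSeen)
| order by LastSeen desc
```

An empty result means no Azure Activity events have reached the workspace in the window; recheck the policy assignment scope and the workspace chosen on the Parameters tab.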


 

 

 

 

Summary

This article explained how to configure the data connector and produce activity data in Microsoft Sentinel. The next article will cover the set of Azure Sentinel dashboards, notebooks, and queries.