The Microsoft Sentinel Repositories feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Microsoft Sentinel currently supports connections to GitHub and Azure DevOps repositories. Before connecting your Microsoft Sentinel workspace to your source control repository, make sure that you have:

- An Owner role in the resource group that contains your Microsoft Sentinel workspace or a combination of User Access Administrator and Sentinel Contributor roles to create the connection.
- Collaborator access to your GitHub repository or Project Administrator access to your Azure DevOps repository.
- Actions enabled for GitHub and Pipelines enabled for Azure DevOps.
- Third-party application access via OAuth enabled for Azure DevOps application connection policies.
- Ensure custom content files you want to deploy to your workspaces are in relevant Azure Resource Manager (ARM) templates.

For more information, see Validate your content.

Connect a repository

This procedure describes how to connect a GitHub or Azure DevOps repository to your Microsoft Sentinel workspace, where you can save and manage your custom content, instead of in Microsoft Sentinel.

Each connection can support multiple types of custom content, including analytics rules, automation rules, hunting queries, parsers, playbooks, and workbooks. For more information, see About Microsoft Sentinel content and solutions.

1. Make sure that you're signed into your source control app with the credentials you want to use for your connection. If you're currently signed in using different credentials, sign out first.

2. In Microsoft Sentinel, on the left under Content management, select Repositories.

3. Select Add new, and then, on the Create a new connection page, enter a meaningful name and description for your connection.

4. From the Source Control dropdown, select the type of repository you want to connect to, and then select Authorize.

5. Select one of the following tabs, depending on your connection type:

   a. Enter your GitHub credentials when prompted. The first time you add a connection, you'll see a new browser window or tab, prompting you to authorize the connection to Microsoft Sentinel. If you're already logged into your GitHub account on the same browser, your GitHub credentials will be auto-populated.

   b. A Repository area now shows on the Create a new connection page, where you can select an existing repository to connect to. Select your repository from the list, and then select Add repository. The first time you connect to a specific repository, you'll see a new browser window or tab, prompting you to install the Azure-Sentinel app on your repository. If you have multiple repositories, select the ones where you want to install the Azure-Sentinel app, and install it. You'll be directed to GitHub to continue the app installation.

   c. After the Azure-Sentinel app is installed in your repository, the Branch dropdown in the Create a new connection page is populated with your branches. Select the branch you want to connect to your Microsoft Sentinel workspace.

   d. From the Content Types dropdown, select the type of content you'll be deploying.

      - Both parsers and hunting queries use the Saved Searches API to deploy content to Microsoft Sentinel. If you select one of these content types, and also have content of the other type in your branch, both content types are deployed.
      - For all other content types, selecting a content type in the Create a new connection pane deploys only that content to Microsoft Sentinel.
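The following pre-merge check is an added example, not code from Microsoft Sentinel or from the original page. It flags files in a branch that are not ARM templates and models the content-type behaviour described above, where selecting parsers or hunting queries deploys both because they share the Saved Searches API. The content-type-to-resource-type mapping, the file paths and the sample templates are assumptions constructed for illustration.

```python
import json

# Assumed content-type -> ARM resource-type mapping (illustrative, not from the page).
RESOURCE_TYPES = {
    "AnalyticsRule": "microsoft.operationalinsights/workspaces/providers/alertrules",
    "AutomationRule": "microsoft.operationalinsights/workspaces/providers/automationrules",
    "HuntingQuery": "microsoft.operationalinsights/workspaces/savedsearches",
    "Parser": "microsoft.operationalinsights/workspaces/savedsearches",
    "Playbook": "microsoft.logic/workflows",
    "Workbook": "microsoft.insights/workbooks",
}

def plan_deployment(files, selected):
    """files: {path: JSON text}; selected: content types chosen for the connection.
    Returns (deployed, skipped, invalid) as sorted lists of paths."""
    wanted = {RESOURCE_TYPES[c] for c in selected}
    deployed, skipped, invalid = [], [], []
    for path in sorted(files):
        try:
            doc = json.loads(files[path])
        except json.JSONDecodeError:
            doc = None
        # A deployable file must be an ARM template: an object with $schema and a resources list.
        if not (isinstance(doc, dict) and "$schema" in doc
                and isinstance(doc.get("resources"), list)):
            invalid.append(path)
            continue
        types = {str(r.get("type", "")).lower() for r in doc["resources"] if isinstance(r, dict)}
        (deployed if types & wanted else skipped).append(path)
    return deployed, skipped, invalid

def _template(resource_type):
    # Constructed minimal ARM template body for the sample branch below.
    schema = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
    return json.dumps({"$schema": schema, "contentVersion": "1.0.0.0",
                       "resources": [{"type": resource_type, "apiVersion": "placeholder"}]})

# Constructed sample branch contents (hypothetical paths).
SAMPLE_BRANCH = {
    "hunting/rare-process.json": _template("Microsoft.OperationalInsights/workspaces/savedSearches"),
    "parsers/vpn-logs.json": _template("Microsoft.OperationalInsights/workspaces/savedSearches"),
    "rules/brute-force.json": _template("Microsoft.OperationalInsights/workspaces/providers/alertRules"),
    "notes/query-only.json": json.dumps({"query": "SigninLogs | take 10"}),
    "rules/truncated.json": '{"$schema": ',
}

if __name__ == "__main__":
    deployed, skipped, invalid = plan_deployment(SAMPLE_BRANCH, ["Parser"])
    print("deployed:", deployed)
    print("skipped:", skipped)
    print("not ARM templates:", invalid)
```

Running a check like this before connecting a branch shows when a connection scoped to one content type would also push unreviewed saved searches to the workspace.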