Introduction to Microsoft Sentinel
- By Nicholas DiCola, Yuri Diogenes, Tiander Turpijn
- 10/25/2022
Enabling Microsoft Sentinel
Now that you have finished planning your Microsoft Sentinel adoption, it is time to enable the service. Remember that you need an active Azure subscription before enabling Microsoft Sentinel. Follow the steps below to enable Microsoft Sentinel in your subscription:
Open the Azure portal and sign in with a user who has contributor permissions on the subscription and in the resource group where the workspace resides.
In the search bar, type Sentinel and click Microsoft Sentinel in the results; the Microsoft Sentinel blade appears, as shown in Figure 2-3.
FIGURE 2-3 Microsoft Sentinel initial page
Click the Create Microsoft Sentinel button. Because there is no workspace selected, a page similar to Figure 2-4 appears.
FIGURE 2-4 No workspaces available
Click the Create A New Workspace button.
You will be redirected to the Create Log Analytics Workspace page, as shown in Figure 2-5.
FIGURE 2-5 Create Log Analytics Workspace
Follow the steps on the screen to create a new workspace using the default selections. When you finish filling in those options, click the Review + Create button.
Once you see a green check mark indicating that the validation has passed, you can click the Create button to conclude.
You will be redirected to the Add Microsoft Sentinel To A Workspace page. If the screen doesn’t refresh, click the Refresh button, and you should see the workspace and the Add button. Click the Add button to continue. Because this is the first time you have used Microsoft Sentinel in this brand-new workspace, you will receive a notification similar to the one shown in Figure 2-6. (Be mindful that the date range will change according to the date you created your workspace.)
FIGURE 2-6 Trial activation notification
Click the OK button to continue, and you will see the Microsoft Sentinel News & Guides page, as shown in Figure 2-7.
FIGURE 2-7 Microsoft Sentinel News & Guides page
At this point, you have a workspace, and Microsoft Sentinel is enabled on it. Next, you need to start ingesting data, and as mentioned before, you can start by ingesting data from the free connectors.
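The portal steps above create two resources: a Log Analytics workspace and the Microsoft Sentinel solution attached to it. The Bicep template below is an added example, not part of the original chapter, that declares the same two resources so the setup can be reviewed and repeated from source control. The parameter names, the workspace name, and the 30-day retention value are assumptions chosen for illustration.

```bicep
// Added example: Log Analytics workspace with Microsoft Sentinel enabled on it.
// All parameter names and default values here are illustrative assumptions.

@description('Name of the new Log Analytics workspace (placeholder value).')
param workspaceName string = 'law-sentinel-example'

@description('Region for both resources; defaults to the resource group region.')
param location string = resourceGroup().location

@description('Days to keep ingested data in the workspace (assumed value).')
param retentionInDays int = 30

// Equivalent of the Create Log Analytics Workspace page.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018' // pay-as-you-go pricing tier
    }
    retentionInDays: retentionInDays
  }
}

// Equivalent of clicking Add on the Add Microsoft Sentinel To A Workspace page.
// The solution name must follow the pattern SecurityInsights(<workspace name>).
resource sentinel 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
  name: 'SecurityInsights(${workspaceName})'
  location: location
  plan: {
    name: 'SecurityInsights(${workspaceName})'
    publisher: 'Microsoft'
    product: 'OMSGallery/SecurityInsights'
    promotionCode: ''
  }
  properties: {
    // Referencing workspace.id makes the solution deploy after the workspace.
    workspaceResourceId: workspace.id
  }
}

output workspaceResourceId string = workspace.id
```

Deploy it to an existing resource group with `az deployment group create --resource-group <your-resource-group> --template-file sentinel.bicep`, signed in as a user with the contributor permissions described in the first step.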