Integrations - Azure Sentinel

Azure Sentinel is a cloud native SIEM that helps to detect threat detection, conduct investigations and respond to the threats.

Avanan supports sending security events data to Azure Sentinel.

Integrate to Sentinel

In order to configure the integration, Avanan Support will need the Workspace ID and either the Primary or Secondary key. The steps below detail how to pull this information from your Azure workspace:

  1. In Azure portal, go to Log Analytics workspace where you want to store Avanan security events.

  2. Go to Agent Management.

  3. Copy Workspace ID and either Primary key or Secondary key.

  4. Send Workspace ID and key to Avanan support.

  5. Once Avanan configures the integration, security events will show up in the table named

    AvananSecurityEvents_CL.