In May, Microsoft announced Azure Sentinel Solutions in public preview. The feature is a gallery powered by Azure Marketplace where partners can publish packages that make it easy to integrate a product with Azure Sentinel. A package basically contains data connectors, workbooks, queries, and analytics rule templates.

For administrators, it is easy to add value to Azure Sentinel from the solution gallery. They just have to select the solution, click on Create, and follow the wizard. When the creation is finished, the data connectors are added, and you just have to configure them.

Currently, all packages provided in the solution gallery are free. But I’m sure that when Azure Sentinel Solutions is GA, some solutions won’t be free.

Overview of Azure Sentinel Solutions

To open Azure Sentinel Solutions, navigate to Solutions as in the following screenshot:


As you can see in the screenshot below, there are already several solutions in the gallery (32 solutions announced by Microsoft).

Select the solution you want to open.


Once you have selected a solution, you land on a panel equivalent to what you find in the Azure Marketplace. You get information about the solution, the plans (pricing), and support information. To deploy this solution, just click on Create.


Deploy a solution

First, select a resource group and a Log Analytics workspace.


The wizard informs you that a connector and a custom log table will be created in the Log Analytics workspace.


Then specify the configuration for workbooks, such as the display name.


Next, you get information about the analytics rule templates, such as the name of each rule and a description.


In the next pane, you get information about queries (name and description).


To finish the creation wizard, just click on Create.


Once the solution is deployed, open Azure Sentinel and go to Data connectors. Look for the solution you just deployed, and you should find a related data connector.


In Workbooks, you should also find the related workbook.


Conclusion

Microsoft has developed a marketplace for Azure Sentinel. It is a good thing because it means that we will have more integration with partner products. If partners want an integration with Azure Sentinel, they “just” have to create a package containing rules, workbooks, queries, and a data connector, and publish it to Azure Sentinel Solutions. It will simplify management for administrators because currently the only way to integrate third-party solutions without data connectors is Syslog (or CEF).
