In this Blog Post Series of Cyber Installations and Deployments, I am sharing another useful resource with you. Stay tuned and follow the tutorial and learn some new deployment skill.
This Post showcases, The Installation, setup and deployment of Microsoft Azure Sentinel Workspace.
Azure Sentinel is a powerful Cloud Based SIEM Solution in the market and has some advanced capabilities in detecting and responding to security incidents.
Other SIEM Vendors include:
Let’s get started with the Sentinel Tutorial.
Azure Sentinel Setup and Deployment
- Create a Microsoft Azure Account or you can also setup free trial of Azure, check out this link
- After you create and setup Azure, You will see all the services listed on the homepage.
- As we are dealing with SIEM, navigate to Security Products > Check Microsoft Sentinel in the product list.
Check out this article – Free Azure Account at CyberNomadTV.
- Create a Microsoft Azure Account or you can also setup free trial of Azure, check out this link
- After you create and setup Azure, You will see all the services listed on the homepage.
- As we are dealing with SIEM, navigate to Security Products > Check Microsoft Sentinel in the product lis
Once you enter, you can see No Microsoft Sentinel to Display.
Click on ” Create Microsoft Sentinel” as shown in the above picture.
- Now Step 3 is to Create a New Workspace.
- As there are no Workspaces found here.
- Workspace is a single instance where your Sentinel is being deployed.
- You can have multiple workspaces running as per organization’s architecture and requirements.
- After you create a workspace, You need to create “Log Analytics Workspace“
- I will explain about Log Analytics in a separate blog post or you can check this microsoft documentation here.
- Enter the details for required tabs like – Subscription, Resource group, Instance details.
- As you can see above, it’s a free trial and my instance name is CNTV and the region where this sentinel instance is hosted is “East US” Datacenter.
- Click on “Review+Create” to follow next steps.
The key components here listed are:
- Subcriptions
- Resource group
- Name
- Region
- Pricing
- Tags
Here, this is just a final check and review. Click Create to proceed.
Azure Sentinel deployment is initializing and it will take few seconds to complete the setup.
Azure sentinel pricing model is pay as you go which means, Microsoft bills as per the usage and the data you consume.
Here, it’s a trial version hence we can try azure sentinel for 30 days.
As you can see in the picture above, our sentinel deployment is succeeded.
You can verify by checking:
- Workspace name
- Location where our instance is hosted
- Resource group which we have created
- Subscription details
- Directory
This Picture is the final check where we can see that now Azure sentinel is successfully added to our instance which we have created.
This is Azure Sentinel Homepage after successful deployment and installation which we have followed.
As you can see some key functionalities and options listed in Azure Sentinel.
In Azure Sentinel, you can check out:
- General
- Threat Management
- Content Management
- Configurations
To Explore Sentinel capabilities and the features it offers to security teams.
This is how you setup and deploy Microsoft Azure Sentinel free for 30 days. You can add as much data as you want and explore the SIEM Solution.
In the Next Post, I will be sharing how you can add Data into your Microsoft Sentinel workspace which we have created. Stay Tuned and share this post with friends and readers passionate about tech and cyber.
Also Check out: