Azure Sentinel
- 1. Go to Alert sources --> Alert sources and click on Create new alert source.
- 2. Search for Azure Alerts in the search field, click on the Azure Alerts tile and click on Next.
- 3. Give your alert source a name, optionally assign teams and click Next.
- 4. Select an escalation policy by creating a new one or assigning an existing one.
- 5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
- 6. The next page shows additional settings such as customer alert templates or notification priority. Click on Finish setup for now.
- 7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.
- 1.

- 2. Create or choose a workspace, then go to Logs and create a query for which you’d like to create an alert.

- 3. Click on the New alert rule button, then choose Create Azure Monitor alert.

- 4. On the next page, change the Condition for the alerts and click on Add action groups.

- 5. In the modal window, click on the Create action group button.

- 6. On the next page, name the group, e.g. iLert, and click on the Actions tab.

- 7. **On the Actions tab, click on the Action type and choose Webhook.**

- 8. In the modal window, **paste the Webhook URL that you generated in ilert into the URI section and click on OK**. Name the action, e.g. ilert, and **click on the Review + create button**.

- 9. On the next page, click on the Create button.

- 10. On the next page, scroll down to the Alert rule details section, name the alert rule and click on the Create alert rule button.

- 11. Finished! Your Azure Sentinel alerts will now create alerts in ilert.
Will alerts in ilert be resolved automatically?
No, unfortunately Azure Sentinel alerts do not fire resolve events.
Can I connect Azure Sentinel with multiple alert sources from ilert?
Yes, simply create more alert rules in Azure Alerts.