Links

Azure Sentinel

Create alerts in ilert based on Azure Sentinel queries.

In ilert

Create a Azure Alerts alert source

  1. 1.
    Go to the "Alert sources" tab and click Create new alert source
  2. 2.
    Enter a name and select your desired escalation policy. Select "Azure Alerts" as the Integration Type and click on Save.
  1. 1.
    On the next page, a Webhook URL is generated. You will need this URL below when setting up the alert action in Azure Alerts.

In Azure

Create a query

  1. 1.
    Go to Azure Portal and then to Azure Sentinel.
  1. 1.
    Create or choose a workspace, then go to Logs and create a query for which you’d like to create an alert.
  1. 1.
    Click on the New alert rule button, then choose Create Azure Monitor alert.
  1. 1.
    On the next page change the Condition for the alerts and click on the Add action groups.
  1. 1.
    On the modal window click on the Create action group button.
  1. 1.
    On the next page name the group e.g. iLert and click on the Actions tab.
  1. 1.
    **On the Actions tab, click on the Action type and choose Webhook.**
  1. 1.
    On the modal window in the URI section and **paste the Webhook URL that you generated in ilert and click on OK**. Name the action e.g.** ilert and click on the Review + create** button.
  1. 1.
    On the next page click on the Create button.
  1. 1.
    On the next page scroll down to the Alert rule details section, name the alert rule and click on the Create alert rule button.
Finished! Your Azure Sentinels alerts will now create alerts in ilert.

FAQ

Will alerts in ilert be resolved automatically?
No, unfortunately Azure Sentinel alert do not fire resolve events.
Can I connect Azure Sentinel with multiple alert sources from ilert?
Yes, simply create more alert rules in Azure Alerts
(c) 2011 - 2022 iLert GmbH