[PFR] Finalize Microsoft Sentinel Integration & Collateral
jonrau1 opened this issue
Story
As the Author of ElectricEye, I want to complete an integration into Microsoft Sentinel (FKA Azure Sentinel) by using Log Analytics along with providing Analytics rules so that I can support users who use Microsoft Sentinel as their SIEM / SOAR / UEBA platform
Definition of Done
- New Output for Microsoft Sentinel - Flatten ASFF / EE findings for better indexing and not to exceed 500 unique columns within Log Analytics Workspaces
- Provided Analytics rules for creating Incidents / Alerts within Microsoft Sentinel
- Document changes and new output required Parameters / Environment Variables
- Updated CFN & TF Templates with new Fargate ENV VARs and TF Vars/CFN Params
Nice to Have
Workbook / Notebook? Complex Analytics Rules?
Additional Information
Will be using LAWS Custom code for connector
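One way to implement the flattening the Definition of Done asks for, as an added example that is not ElectricEye's own code: nested ASFF-shaped findings become single-level rows with underscore-joined column names, and a batch is refused before ingestion if the union of its column names would exceed the 500-column budget the issue cites. The sample finding and the names MAX_COLUMNS, flatten_finding and flatten_batch are assumptions for illustration.

```python
import json
from typing import Any, Dict, List, Set

# Column limit quoted in the issue for a Log Analytics workspace table.
MAX_COLUMNS = 500


def flatten_finding(finding: Dict[str, Any], sep: str = "_") -> Dict[str, Any]:
    """Turn a nested ASFF-style finding into one flat row.

    Nested dicts become sep-joined keys (an underscore is used so the key is
    a safe column name), lists of dicts are indexed, and lists of scalars are
    kept as a single JSON string so they do not fan out into new columns.
    """
    row: Dict[str, Any] = {}

    def walk(value: Any, key: str) -> None:
        if isinstance(value, dict):
            for k, v in value.items():
                walk(v, f"{key}{sep}{k}" if key else k)
        elif isinstance(value, list) and value and all(isinstance(v, dict) for v in value):
            for i, v in enumerate(value):
                walk(v, f"{key}{sep}{i}")
        elif isinstance(value, list):
            row[key] = json.dumps(value)
        else:
            row[key] = value

    walk(finding, "")
    return row


def flatten_batch(findings: List[Dict[str, Any]], max_columns: int = MAX_COLUMNS) -> List[Dict[str, Any]]:
    """Flatten a batch and fail closed if the union of column names exceeds the budget."""
    rows = [flatten_finding(f) for f in findings]
    columns: Set[str] = set()
    for r in rows:
        columns.update(r)
    if len(columns) > max_columns:
        raise ValueError(f"{len(columns)} unique columns exceeds the {max_columns} column budget")
    return rows


# Constructed sample finding (not real ElectricEye output), shaped like ASFF.
SAMPLE_FINDING = {
    "SchemaVersion": "2018-10-08",
    "Id": "example-finding-1",
    "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
    "Severity": {"Label": "MEDIUM", "Normalized": 40},
    "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0000", "Region": "us-east-1"}],
    "ProductFields": {"Provider": "AWS", "ProviderType": "CSP"},
}

if __name__ == "__main__":
    print(json.dumps(flatten_batch([SAMPLE_FINDING]), indent=2))
```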
Abandoning this for the meantime