The Sentinel is deployed but we have encountered an error related to data connector that require a license. But everything else should be setup correctly.
Resource Groups
On Azure Portal search bar, search resource groups. And click on it.
- Click on the resource group that we just create. "SEC-Monitoring"
- Click on the Log Analytics Workspace. "SEC-Monitoring".
- Scroll down on the left side bar and click on "Diagnostic settings".
- Add a new diagnostic setting by clicking on the "Add diagnostic setting".
- Apply these information:
- Diagnostic setting name: Sentinel .
- For Logs, check the box "allLogs".
- For Metrics, check the box "AllMetrics".
- For Destination details:
- Check the box for "Send to Log Analytics workspace".
- For Log Analytics workspace, select "SEC-Monitoring".
- Confirm by clicking on "Save".
Configuration of Sentinel Diagnostic Settings
The Sentinel is deployed but we have encountered an error related to data connector that require a license. But everything else should be setup correctly.
Resource Groups
- Click on the resource group that we just create. "SEC-Monitoring"
- Click on the Log Analytics Workspace. "SEC-Monitoring".
- Scroll down on the left side bar and click on "Diagnostic settings".
- Add a new diagnostic setting by clicking on the "Add diagnostic setting".
- Apply these information: - Diagnostic setting name: Sentinel . - For Logs, check the box "allLogs". - For Metrics, check the box "AllMetrics". - For Destination details: - Check the box for "Send to Log Analytics workspace". - For Log Analytics workspace, select "SEC-Monitoring". - Confirm by clicking on "Save".