Integrating Azure Sentinel with ConcealBrowse Integrating Azure Sentinel with ConcealBrowse

Integrating Azure Sentinel with ConcealBrowse

Description

If you're using Azure Sentinel as a SIEM integration, you have the option to integrate that with ConcealBrowse. This allows metrics and data collected by Conceal can be seamlessly transferred into Azure Sentinel. This article will guide you through integrating Azure Sentinel with ConcealBrowse.

 

Before you begin:

In your Azure Sentinel instance you will need to create a Workspace ID and an API Key to enter to the Conceal dashboard.

  1. Open your workspace in the Azure portal
  2. Then select Agents management, click arrow to expand Log Analytics agent instructions. This is where you will find the parameters needed - Workspace ID and API Key. 
    Azure

Procedure

  1. Navigate within a web browser to https://dashboard.conceal.io and login if necessary.
  2. Click on the section labeled Plugins on the left hand menu.
    Plugins_2.png
  3. Scroll down and in the PostProcess section, locate the Azure Sentinel tile and click the button labeled Configure.Screenshot
  4. You will need to copy your Azure Workspace ID and your Azure Sentinel Shared API Key from your Azure Sentinel instance and paste in the appropriate fields in the Conceal dashboard. Click the Enabled checkbox, Save Settings, Close. 
  5. The plugin should now show Enabled meaning you have Azure Sentinel configured with ConcealBrowse and the data from Conceal dashboard should push into your Azure Sentinel instance. 

 

If you run into issues, your firewall could be blocking certain IP addresses needed to send the data. Whitelist the following IP addresses if necessary:

18.214.63.36, 44.214.127.25, 44.209.215.8, 3.233.223.50, 34.232.55.106, 52.86.27.48, 3.216.48.116

Video Reference:

 

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.