- This topic has 0 replies, 1 voice, and was last updated 3 years, 1 month ago by
.
Viewing 1 post (of 1 total)
-
Posts
-
Create the App in Azure
- https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
- Click “New registration”
- Name it “WitFoo Precinct”
- Select who can use the application (access the API)
- Select “Web” and enter the Redirect URL in WitFoo Precinct at Admin->Settings->Azure AD
- Click “Register”
- Under Certificates & secrets click “New client secret” (give it a description and expiration)
- Under Microsoft Graph Permissions Add the following minimum permissions:
- Application: AuditLog.Read.All
- Application: SecurityEvents.Read.All
- Application: Directory.Read.All
- Save the application
Configure WitFoo Precinct
- Go to Admin->SOAR->Azure Active Directory
- Click the checkbox for Enable Azure AD Log Integration
- Paste the Application ID, Secret key and Tenant ID
- Click the disk icon (Save)
- Click Jobs and use the search “Azure” to find Artifacts from Microsft Azure. Select Artifacts from Microsft Azure.
- Select Triggers and expand Interval Trigger.
- Inside the configuration, Toggle State to ENABLED.
- The interval is set to 2 minutes by default, but you can update it to what best suits your organization.
- Click the disk icon (Save)
- Within 15 min “Azure” should be listed as a Artifact Source under Report->Tool Effectiveness->Artifact Source Types
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.