История

dicolanl 4a23af9be0 Updating Deploy buttons and links part 2		2021-06-16 01:40:49 +00:00
..
LinkedTemplates	Adding ThreatIntelligence to dataconnectors	2021-04-30 10:04:48 +02:00
Scripts	Adding Sentinel All-In-One	2021-01-28 14:17:00 +01:00
README.md	Updating Deploy buttons and links part 2	2021-06-16 01:40:49 +00:00
azuredeploy.json	Enabling fusion by default	2021-04-06 11:50:20 -07:00
createUiDefinition.json	fixing some bool variables	2021-02-05 14:54:21 +01:00

README.md

ARM template version

The ARM template in this folder allows you to delploy your Azure Sentinel environments in a few clicks. The template is very easy to use as it comes with a wizard interface that guides you through the setup steps.

The template performs the following tasks:

Creates resource group (if given resource group doesn't exist yet)
Creates Log Analytics workspace (if given workspace doesn't exist yet)
Installs Azure Sentinel on top of the workspace (if not installed yet)
Enables the following Data Connectors:
- Azure Activity
- Azure Security Center
- Azure Active Directory Identity Protection
- Office 365 (Sharepoint, Exchange and Teams)
- Microsoft Cloud App Security
- Azure Advanced Threat Protection
- Microsoft Defender Advanced Threat Protection
- Security Events
- Linux Syslog
- DNS (Preview)
- Windows Firewall
Enables analytics rules for selected Microsoft 1st party products
Enables Fusion rule and ML Behavior Analytics rules for RDP or SSH (if selected)
Enables Scheduled analytics rules that apply to all the enabled connectors