Azure Sentinel

Set up Azure Sentinel for automated tests with TrustCloud!

Purpose

Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your Azure Sentinel instance so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to Azure Sentinel

1. Login to your Azure Sentinel instance as a user who has administrative privileges in your organization..
2. Go to the Subscription page and choose the subscription you want to integrate TrustCloud with. Follow the link:https://portal.azure.com/#view/Microsoft_Azure_Billing/ SubscriptionsBlade & then save the subscription ID for future reference.
3. Select the App Registrations link in the left navigation bar or go to link: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade.
4. You need to register an Application in the Microsoft Application Registration Portal.
5. Within the Application creation page, provide a relevant Application Name. Then, in the Supported account types section, select Accounts in this organizational directory only (). In the Redirect URI (optional) section, select the type: Web and enter the address to configure the integration redirection URL https://app.trustcloud.ai/trustcloud/integrations.
6. Navigate to the created Application and save your client ID required to integrate with TrustCloud.
   
   
7. Navigate to the Certificates & Secrets tab in your Application and click New client secret. To create a secret, click Add & save the created secret for future reference.
8. Navigate to the API permissions tab in your Application and click Add a permission. In the open window, select Azure Service Management.
9. For the Azure Service Management window, select the user_impersonation permission and click Add.
   
10. Navigate to your Microsoft Sentinel Workspace see here: https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel. And then go to the Microsoft Sentinel | Settings in your Microsoft Sentinel Workspace and click on the Workspace settings tab.
    
    
11. On the Workspace settings page, save the Workspace Name and Resource group Name. You’ll need them to set up the integration.
    
12. Provide the saved Subscription ID, Resource Group Name, Workspace Name, Created Application Tenant ID, Client ID & Client Secret to configure the Integration.