Install Microsoft Azure Sentinel

The Tenable integration for Microsoft Azure Sentinel combines Tenable's Cyber Exposure insights with Sentinel's collection, detection, and investigation capabilities. This integration supports Tenable Vulnerability Management and exports asset and vulnerability data from Tenable Vulnerability Management directly to Microsoft Sentinel.

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM), and security orchestration automated response (SOAR) solution. For more information about Microsoft Sentinel, see the Microsoft documentation.

Required User Role: Basic User

Note: The Tenable integration with Microsoft Azure Sentinel works with a Basic User if that user is assigned Can View permissions on the assets they are to export, along with Can Use permissions on tags the assets are assigned. Without the Can Use tag permissions, the assets return undefined or the integration fails to export vulnerabilities if a tag filter is used. For more information on Tenable Vulnerability Management permissions and user roles, refer to Permissions in the Tenable Developer Portal.

Before you begin:

  • You must have a Logs Analytics Workspace with Microsoft Sentinel enabled in your Azure subscription.
  • For assistance with launching Microsoft Sentinel, see the Microsoft Sentinel quick start guide.

Note: The Microsoft Azure Sentinel integration does not export fixed vulnerabilities.

  1. Navigate to Microsoft Sentinel within the Microsoft Azure Portal and click Create Microsoft Sentinel.

    The workspace homepage appears:

  2. Add a workspace for Microsoft Sentinel. Click Create a new workspace.

  3. To create the Log Analytics workspace, you must first create a new Resource Group. Click Create new under Resource Group Connector.

  4. Input a Name for the instance detail and select the appropriate Azure Region from the drop-down menu.

    Click Review + Create.

    The settings are finalized and the page updates:

  5. Click Create.

    The workspace homepage appears with your new Microsoft Sentinel workspace:

    The Log Analytics Workplace for Microsoft Sentinel has been created.

Note: Navigate to Log Analytics workspace > Network Isolation and ensure that the two Virtual network access configuration settings (required to accept data ingestion and queries from public networks not connected through a Private Link Scope) are set to Yes.

  1. Go to the Content Hub and perform a search for "Tenable."

  2. Select Tenable App. In the bottom-right corner click Install.

  3. Once installed, in the bottom-right corner, click Manage.

What to do next (do one of the following):