Update all the Azure Sentinel Analytical Rules
Create the app in Azure Active Directory:
- Go to the Azure portal at https://portal.azure.com
- From the menu, select Azure Active Directory
- From the Azure Active Directory menu, select App registrations
- From the top menu, select the New registration button
- Enter the name for your app; for example "AzureSentinelApp"
- For the supported account types, select "Account in this organizational directory only"
- In the Redirect URI field, in the dropdown, select Web, and in the URL field, enter http://localhost:3000
- Confirm changes by selecting the Register button
- Go to the API permissions blade
- Click Add a permission to add the required API permissions:
  - Select the Microsoft API: Azure Service Management
  - Select the option to provide delegated permissions to access Azure Service Management as organization users
- In App registrations, select your application, for example "AzureSentinelApp"
- Select Certificates & secrets > New client secret
- Add a description for your client secret
- Select a duration
- Select Add
- Record the secret's value for use in your client application code.
Note
This secret value is never displayed again after you leave this page. Please save it.
- Go to the Azure resource group that contains your "Azure Sentinel and LA WorkSpace"
- Click on "Access Control (IAM)" --> Add --> Add role assignment
- Under "role" search "Azure Sentinel Contributor"
- Under "Assign Access to" --> select "User, group or Service Principal"
- Under "Select", search for the Azure AD app, for example "AzureSentinelApp"
- Click on Save
- The PowerShell script prompts you to enter the following parameters:
  - ResourceGroup --> Name of the ResourceGroup of your "Azure Sentinel and LA WorkSpace"
  - Workspace --> Azure LA WorkSpace Name
  - ClientID --> AAD App ClientID
  - ClientSecret --> AAD App ClientSecret
  - DomainName --> Your Domain Name like "Contoso"
  - TenantGUID --> AAD App TenantGUID
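
Before running the update, you can check that the app registration, secret, and role assignment from the steps above actually work. The following is an added example, not the project's own script: it assumes the app authenticates with the client-credentials flow, and it needs a subscription ID, which is not among the parameters listed above; all angle-bracket values are placeholders.

```powershell
# Added example: verify the app can reach the Sentinel analytics rules.
# Placeholder values (assumptions, replace with your own):
$TenantGUID     = '<tenant-guid>'
$ClientID       = '<app-client-id>'
$SubscriptionId = '<subscription-id>'   # assumption: not in the page's parameter list
$ResourceGroup  = '<resource-group>'
$Workspace      = '<la-workspace-name>'

# Prompt for the secret so it never lands in a script file or shell history.
$secure       = Read-Host -Prompt 'ClientSecret' -AsSecureString
$ClientSecret = [System.Net.NetworkCredential]::new('', $secure).Password

# Client-credentials token request scoped to Azure Resource Manager.
$tokenBody = @{
    grant_type    = 'client_credentials'
    client_id     = $ClientID
    client_secret = $ClientSecret
    scope         = 'https://management.azure.com/.default'
}
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantGUID/oauth2/v2.0/token" `
    -Body $tokenBody
$ClientSecret = $null   # drop the plaintext copy once the token is issued

# List the analytics (alert) rules of the workspace.
$uri = "https://management.azure.com/subscriptions/$SubscriptionId" +
       "/resourceGroups/$ResourceGroup" +
       "/providers/Microsoft.OperationalInsights/workspaces/$Workspace" +
       "/providers/Microsoft.SecurityInsights/alertRules?api-version=2020-01-01"

try {
    $rules = Invoke-RestMethod -Method Get -Uri $uri `
        -Headers @{ Authorization = "Bearer $($token.access_token)" }
    # A successful read proves the token and scope; updating rules still
    # depends on the "Azure Sentinel Contributor" assignment made above.
    "Read access confirmed: $(@($rules.value).Count) analytics rules visible."
    $rules.value | Select-Object name, kind,
        @{ n = 'displayName'; e = { $_.properties.displayName } }
}
catch {
    # A 403 here usually means the role assignment is missing or was made
    # on a different resource group than the one holding the workspace.
    Write-Error "Listing rules failed: $($_.Exception.Message)"
}
```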