Senserva Microsoft Sentinel Edition Setup

Senserva Setup for Azure Sentinel

This page reviews installing Senserva’s automated Multi-Tenant Cloud Security Posture Management solution for Azure Sentinel. Our team of cloud experts at Senserva is always happy to provide support as well.

This page assumes you are onboarded as a Microsoft Azure customer and that the installer of Senserva for Azure Sentinel is a Global Administrator (required to install our Azure AD Application). More information can be found at this page.

1. The process starts with creating an Azure AD Application that has the permissions Senserva’s data analysis needs. This is a multi-tenant Application. It is the Main Application, which will be located in the Main Tenant.

  • This is an optional step. If you are a CSP with multiple tenants to manage and scan, the Azure AD App will need to be configured as a Service Principal in your managed tenants. A Global Admin from the managed tenant will need to add the Service Principal and consent to the API Permissions of the Service Principal.
  • The script will prompt for Child Tenant setup and help you through the consenting process.
  • You will need to save the Tenant ID for each Child Tenant for Step 7.

2. You will need to configure an Azure Log Analytics Workspace (LAW) for use. You can reuse any LAW you’d like, but we strongly recommend creating a new LAW.

3. You will need to configure an Azure Key Vault for use. You can reuse any Key Vault you’d like, but we strongly recommend creating a new Vault. (This page from Microsoft shows how to create a Key Vault)

  • The Key Vault will serve as a Configuration Manager from which an admin can manage the configuration (e.g. configured tenants, desired Log Analytics Workspace location, etc.).
  • The Key Vault URI will be needed in Step 5.

4. You will need to configure RBAC Resource access and an Access Policy for the AD Application from Step 1 to the Key Vault from Step 3.

5. Visit our Azure Marketplace page to complete the process (that page is here).

6. The Azure Marketplace setup will prompt for basic customer information (e.g. Resource location, etc.), as well as the config items from Steps 1, 2, and 3, to complete the deployment process.

  • Note: The Marketplace template will prompt you to create or select a Resource Group for the Managed Identity. You must choose to create a new Resource Group. The Managed Identity must be the sole item in its Resource Group in order for Azure Lighthouse to deploy correctly.

7. Once finished, the App Service will start up the Senserva WebJob to run scanning. The scanner will output to the provided Log Analytics Workspace.

  • If the configuration changes, for example a new Child Tenant is added or the Log Analytics Workspace key is rotated, write a new Key Vault Secret to the Key Vault to update the configuration. Senserva will poll the Key Vault periodically for new configurations. Once configured, the App Service WebJob will restart itself for the changes to propagate.
  • Any Child Tenants to be scanned must be entered into a Key Secret.
  • Supported Keys are ‘LogAnalyticsWorkspaceID’, ‘LogAnalyticsWorkspaceKey’, ‘LogAnalyticsWorkspaceDisplayName’, and ‘ConfiguredTenants’.
  • The format for ConfiguredTenants is ‘TenantId1:DisplayName1,TenantId2:DisplayName2,…’. This will be your child tenant list.

8. At this point, setup is complete and automated deltas-only scanning will commence. You can take the data from the Log Analytics Workspace and visualize it according to your needs.

9. Further items like additional Queries and Workbooks built by our team are available on our GitHub repo.
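
The ConfiguredTenants value from Step 7 is easy to get wrong by hand, so the following added example (not Senserva's own code) builds and checks it before you write it to the Key Vault Secret. It assumes tenant IDs are GUIDs and that display names may not contain ‘,’ or ‘:’, since the page describes no escaping; the function names and sample tenants are constructed for illustration.

```python
import uuid


def _normalise(pairs):
    """Validate (tenant_id, display_name) pairs; return them in canonical form."""
    seen, out = set(), []
    for tenant_id, name in pairs:
        try:
            tid = str(uuid.UUID(tenant_id.strip()))  # lower-case, hyphenated GUID
        except ValueError:
            raise ValueError(f"tenant ID is not a GUID: {tenant_id!r}") from None
        name = name.strip()
        if tid in seen:
            raise ValueError(f"tenant listed twice: {tid}")
        # Assumption: no escaping exists, so a delimiter in a name corrupts the list.
        if not name or "," in name or ":" in name:
            raise ValueError(f"display name for {tid} is empty or contains ',' or ':'")
        seen.add(tid)
        out.append((tid, name))
    if not out:
        raise ValueError("ConfiguredTenants must list at least one tenant")
    return out


def build_configured_tenants(pairs):
    """Return 'TenantId1:DisplayName1,TenantId2:DisplayName2,...' for the secret."""
    return ",".join(f"{tid}:{name}" for tid, name in _normalise(pairs))


def parse_configured_tenants(value):
    """Parse an existing secret value into {tenant_id: display_name}, or raise."""
    pairs = []
    for entry in value.split(","):
        tid, sep, name = entry.partition(":")
        if not sep:  # also catches a trailing comma or an empty entry
            raise ValueError(f"entry without ':' separator: {entry!r}")
        pairs.append((tid, name))
    return dict(_normalise(pairs))


def add_child_tenant(current_value, tenant_id, display_name):
    """Return the new secret value after adding one Child Tenant to the current one."""
    pairs = list(parse_configured_tenants(current_value).items()) if current_value else []
    return build_configured_tenants(pairs + [(tenant_id, display_name)])


if __name__ == "__main__":
    # Constructed sample tenants, not real tenant IDs.
    current = "11111111-1111-1111-1111-111111111111:Contoso"
    print(add_child_tenant(current, "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE", "Fabrikam"))
```

Write the returned string as the new ‘ConfiguredTenants’ secret; a `ValueError` means the list would have been malformed.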