Cloud Edge Secure Access Getting Started Guide

Azure Sentinel

This article describes how to set up and use Azure Sentinel with SonicWall Cloud Edge. Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that integrates with the SonicWall Cloud Edge platform. It delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. You can stream your SonicWall Cloud Edge data to Azure Sentinel for full visibility into your SonicWall Cloud Edge activity.

  • Setting up a Log Analytics workspace
  • Linking the Log Analytics Workspace to Azure Sentinel
  • Finding your Log Analytics Workspace ID and Primary Key
  • Configuring the integration in the Management Platform
  • Handling possible error codes

Setting up a Log Analytics workspace

If you are using an existing Log Analytics workspace, you may skip this part.

  1. Open the Azure portal and select Azure Sentinel.

  2. Select +Add.

  3. Select Create a new workspace.

  4. Fill in the following information:

    • Subscription: Choose a subscription according to your business's needs.

    • Resource group: Associate the log analytics workspace with the appropriate business unit.

    • Name: Choose a descriptive name. The workspace name should be 4-63 characters long and contain only letters, digits, or '-'. The '-' shouldn't be the first or the last character.

    • Region: The physical location of the server generating the event collector. Choose according to pricing and business needs.

    • (Optional) Review the pricing tiers and set appropriate tags for the workspace.

    • Select Review + Create.

Linking the Log Analytics workspace to Azure Sentinel

  1. Open the Azure portal and select Azure Sentinel.

  2. Select +Add.

  3. Select the Log Analytics workspace that you've just created or an existing one you'd like to use.

Finding your Log Analytics workspace ID and primary key

  1. Open Log Analytics Workspace.

  2. Select the workspace you've just connected to Azure Sentinel.

  3. Select Advanced settings.

  4. Select Connected Sources, then Linux Servers. Copy the Workspace ID as well as the Primary key.

Configuring the integration in the Management Platform

  1. Log in to your Management Platform, navigate to Settings/Integrations, and select Add in the Azure Sentinel row.

  2. Fill in the fields with the values copied in the previous steps (the primary key will be used as your workspace key).

  3. Select Validate.

Handling possible error codes

| Status Message | Action Required |
|---|---|
| Success | None |
| SENTINEL_INACTIVE_CUSTOMER | The workspace has been deactivated. |
| SENTINEL_INVALID_CUSTOMER_ID | Please make sure you inserted the correct customer ID. |
| SENTINEL_INVALID_AUTHORIZATION | The service failed to authenticate the request. Verify that the workspace ID and connection key are valid. |
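
A local pre-flight check for the values entered before selecting Validate, added here as an example and not part of SonicWall's or Microsoft's own code. It assumes the integration authenticates with the SharedKey scheme of the Azure Monitor HTTP Data Collector API (the page does not state which API is used); the function names and sample values are hypothetical.

```python
import base64, binascii, hashlib, hmac, re, uuid
from email.utils import formatdate

# Naming rule stated in this guide: 4-63 letters, digits or '-', no '-' at either end.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{2,61}[A-Za-z0-9]")

def check_inputs(name, workspace_id, primary_key):
    """Return a list of problems found locally; an empty list means the values are well formed."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("workspace name breaks the 4-63 letters/digits/'-' rule")
    try:
        # Accept only the canonical hyphenated GUID form shown in the portal.
        if str(uuid.UUID(workspace_id)) != workspace_id.lower():
            raise ValueError
    except ValueError:
        problems.append("workspace ID is not a GUID (stray characters from copy/paste?)")
    try:
        if not base64.b64decode(primary_key, validate=True):
            raise binascii.Error
    except binascii.Error:
        problems.append("primary key is not valid base64 (truncated or trailing whitespace?)")
    return problems

def shared_key_header(workspace_id, primary_key, body, date, resource="/api/logs"):
    """Build the SharedKey Authorization header (assumed Data Collector API scheme)."""
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n{resource}"
    digest = hmac.new(base64.b64decode(primary_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ws_id = "00000000-1111-2222-3333-444444444444"
    key = base64.b64encode(b"k" * 64).decode()
    body = b'[{"event": "constructed-test-record"}]'
    print(check_inputs("cloudedge-logs", ws_id, key))
    print(shared_key_header(ws_id, key, body, formatdate(usegmt=True)))
```

The signature covers the date header and body length, so a key that passes the format check can still be rejected by the service if it belongs to a different workspace.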
