Sending Security Events to Microsoft Sentinel

You can configure Microsoft Sentinel to pull security events from a CloudGuard service account and show them in Microsoft Sentinel.

Microsoft Sentinel Requirements

  • You must have Security Administrator permissions.

  • You must have Owner or Contributor role permissions in the Log Analytics workspace.

CloudGuard Requirement

To configure Microsoft Sentinel to pull security events from CloudGuard:

Important - Keep Microsoft Sentinel and CloudGuard open during this entire procedure.

  1. In CloudGuard, from the left menu, expand Integration Hub and click Integrations.

  2. In the Events and Logging section, click Microsoft Sentinel.

    In CloudGuard, the Microsoft Sentinel configuration window opens.

  3. Click Add.

  4. Follow the steps shown in the Microsoft Sentinel configuration window to connect a CloudGuard service account to Microsoft Sentinel. For more information about CloudGuard service accounts, see Service Accounts.

  5. Click Save.