HomeMITRECVE JournalCarbonpediaDocsReleases
Microsoft Sentinel

Microsoft Sentinel

This guide explains how to integrate Microsoft Sentinel (formerly Azure Sentinel) with RedCarbon.

Overview

The Microsoft Sentinel integration allows RedCarbon to ingest Incidents and Alerts from your Azure environment.

Configuration

To configure the integration, you need to register an application in Azure Active Directory (Entra ID) and grant it permissions to access the Sentinel workspace.

Step 1: Register an Application (App Registration)

  1. Log in to the Azure Portal with an account that has the Global Administrator role.
  2. Navigate to Azure Active Directory > App registrations > New registration.
  3. Enter a name (e.g., RedCarbon-Integration).
  4. Click Register.

Step 2: Grant API Permissions

  1. On the application page, select API Permissions.
  2. Click Add permissions and add permissions accordingly to the following information.
  3. Check the table API/Permissions name.
  4. Check that the following permissions in Microsoft Graph are enabled:
  • SecurityAlert.Read.All
  • SecurityEvents.Read.All
  • SecurityIncident.Read.All
  • ThreatHunting.Read.All
  1. Check that the following permissions in Microsoft Threat Protection are enabled:
  • Incident.ReadWrite.All
  1. Important: Click Grant admin consent for [Organization Name] to activate the permissions.

Step 3: Create a Client Secret

  1. Navigate to Certificates & secrets.
  2. Click New client secret.
  3. Add a description and expiration period.
  4. Click Add.
  5. Copy the Secret Value immediately.

Step 4: Gather Required IDs

You will need the following information for RedCarbon:

  • Registered App Application/Client ID.
  • Registered App Secret.
  • Tenant ID.
  • Subscription ID.
  • Resource Group Name.
  • Workspace Name.

Step 5: Configure RedCarbon

  1. Log in to the RedCarbon Dashboard.
  2. Navigate to the customer's Integrations page.
  3. Select Microsoft Sentinel.
  4. Enter the required data.
  5. Click Save and then Test.

Configure RedCarbon

Severity Mapping

The following table shows how Microsoft Sentinel severity levels are mapped to RedCarbon severity scores:

Original SeverityRedCarbon Score
Informational0
Low10
Medium40
High70
Critical90