Skip to content
XDR Forensics Knowledge Base

Microsoft Sentinel Integration

Step 1 - Creating A webhook for Microsoft Sentinel

Section titled “Step 1 - Creating A webhook for Microsoft Sentinel ”
  • Visit the Webhooks page in XDR Forensics,
  • Click the ”+ New Webhook” button in the upper right corner,
  • Provide a self-explanatory name,
  • Select “Microsoft Sentinel: Generic Sentinel Webhook Parser” as the parser for this webhook,
  • Select an Acquisition Profile when the trigger activates this webhook,
  • Select the Ignore option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
  • Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let XDR Forensics configure them automatically based on the matching policy
  • Click the “Save” button

Step 2:

  • Sign in to the Azure portal. Open your related logic app in Logic App Designer.
  • Under the designer’s search box, select Built-in. In the search box, enter http web hook as a filter. From the Triggers list, select the HTTP Webhook.
  • Fill in the box accordingly:
    • Subscribe Method: POST
    • Subscribe URI: Webhook URL
    • Subscribe body: Extended properties.

For more information, please refer to Microsoft Documentation.