Create an Alert Rule

Before you begin

Before alerts can be sent to Microsoft Sentinel, the following prerequisites must be in place:

  • Create an Azure Log Analytics Workspace.

  • Define an Azure Log Table.

Procedure
Step 1

Navigate to System and Accounts > Service Alerts > Alert Rules.

Step 2

Click Create.

Step 3

Profile Name - Enter a unique name for the integration, for example mcd-mssentinel-alert-rule.

Step 4

Description (optional) - Enter a description for the alert rule.

Step 5

Alert Profile - Using the pulldown, choose the alert profile you created previously. For example, select the profile created above, mcd-mssentinel-profile.

Step 6

Type - Using the pulldown, select either System Logs or Discovery.

Step 7

Sub Type - For Type System Logs, the Sub Type pulldown options are Gateway or Account. For Type Discovery, the only Sub Type pulldown option is Insights Rule.

Step 8

Severity - For Type System Logs, use the pulldown to select a Severity level from: Info, Warning, Medium, High, or Critical. For Type Discovery, select a Severity level from: Info, Medium, or Critical.

Step 9

Enabled - Check the box to enable this alert rule.

Step 10

Click Save.