Task 1: Create a Log Analytics workspace
In the Azure portal, search for and select Microsoft Sentinel.
Select + Create.
Select Create a new workspace.
Select RG2 as the Resource Group.
Enter a valid name for the Log Analytics workspace
Select the region for the workspace.
Select Review + create to validate the new workspace.
Select Create to deploy the workspace.
Task 2: Deploy Microsoft Sentinel to a workspace
When the workspace deployment completes, select Refresh to display the new workspace.
Select the workspace you want to add Sentinel to (created in Task 1).
Select Add.
Task 3: Assign a Microsoft Sentinel role to a user
Go to the Resource group RG2.
Select Access control (IAM).
Select Add and Add role assignment.
In the search bar, search for and select the Microsoft Sentinel Contributor role.
Select Next.
Select the option User, group, or service principal.
Select + Select members.
Search for the Operator1.
Select the user icon.
Select Select.
Select “Review + assign”.
Task 4: Configure data retention
Go to the Log Analytics workspace created in Task 1 step 5.
Select Usage and estimated costs.
Select Data retention.
Change data retention period to 180 days.
Select OK.
Top comments (0)