Microsoft Sentinel

Pull triaged Sentinel incidents into VinTekh. Lighter-scope than the full Azure connection — needs only Microsoft Sentinel Reader on each workspace you want monitored.

Connect with Service Principal

Auth mode: ServicePrincipal · scope: Sentinel Reader

How you'll see this source in the list.

Microsoft Entra ID → Overview → Tenant ID.

App registration → Overview → Application (client) ID.

Certificates & secrets → New client secret → copy the Value column.

Comma-separated list of subscription/RG/workspace triples. Each one needs Microsoft Sentinel Reader granted to this SP.

Credentials are encrypted at rest with AES-GCM. Never logged.

One-line bootstrap

Per workspace, in Cloud Shell

SUB="<subscription-id>"
RG="<resource-group>"
WS="<workspace-name>"
az role assignment create \
  --assignee "<app-client-id>" \
  --role "Microsoft Sentinel Reader" \
  --scope "/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.OperationalInsights/workspaces/$WS"
Sentinel roles docs
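
The bootstrap above covers one workspace, while the connection form takes a comma-separated list of triples. As an added example (not VinTekh's own code), the script below expands such a list into one workspace-scoped role assignment per entry. It assumes each triple is written `subscription-id/resource-group/workspace-name`; the function names and the `DRY_RUN` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not VinTekh's code. Assumption: each triple in the list is
# written "subscription-id/resource-group/workspace-name".

# Print the workspace scope for one triple; return 1 if it is malformed.
triple_to_scope() {
  t=$(printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
  case "$t" in
    *[[:space:]]*) return 1 ;;   # whitespace inside a name
    */*/*/*)       return 1 ;;   # more than three parts
    */*/*)         ;;            # exactly two slashes
    *)             return 1 ;;   # fewer than three parts
  esac
  sub=${t%%/*}; rest=${t#*/}; rg=${rest%%/*}; ws=${rest#*/}
  [ -n "$sub" ] && [ -n "$rg" ] && [ -n "$ws" ] || return 1
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s\n' \
    "$sub" "$rg" "$ws"
}

# Grant Microsoft Sentinel Reader on every workspace in a comma-separated list.
# DRY_RUN=1 (the default) prints the az commands instead of running them, so
# the scopes can be reviewed first. Returns 1 if any triple or grant failed.
grant_sentinel_reader() {
  app_id=$1; list=$2; rc=0
  old_ifs=$IFS; IFS=,
  set -f; set -- $list; set +f      # split on commas without globbing
  IFS=$old_ifs
  for triple in "$@"; do
    if scope=$(triple_to_scope "$triple"); then
      if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'az role assignment create --assignee %s --role "Microsoft Sentinel Reader" --scope %s\n' \
          "$app_id" "$scope"
      else
        az role assignment create --assignee "$app_id" \
          --role "Microsoft Sentinel Reader" --scope "$scope" || rc=1
      fi
    else
      printf 'skipping malformed triple: %s\n' "$triple" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Review the dry-run output first, then run `DRY_RUN=0 grant_sentinel_reader "<app-client-id>" "<list>"` in Cloud Shell. Each assignment stays scoped to a single workspace, never to the resource group or subscription.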