How to Integrate Edgescan & Azure Sentinel.
This package contains three separate logic apps:
- edgescan_vulnerabilities
- edgescan_assets
- edgescan_hosts
The end goal of this document is to set up Azure Sentinel logic apps that run daily and ingest records created in Edgescan over the past two days. The logic apps will scan the entries created within the last 7 days in the custom logs in Azure Sentinel for IDs duplicate IDs before adding a new entry to the corresponding log.
The logic app templates you will deploy, however, are created for the initial run, which is missing this duplicate checking logic and are instead geared to pull in all data. This documentation will walk you through executing this initial run and then walk you through the changes needed to achieve the end goal.
Entries will be stored in Azure Sentinel custom logs with the following table names:
- edgescan_vulnerabilities_CL
- edgescan_assets_CL
- edgescan_hosts_CL
Viewing Custom Logs
- From your home page, navigate to the Azure Sentinel service
- There, select the workspace your deployed logic apps reference
- There, click on Logs in the left-hand menu and expand Custom Logs
