Azure Sentinel

In ilert: Create an Azure Alerts alert source

  1. Go to Alert sources --> Alert sources and click on Create new alert source

  2. Search for Azure Alerts in the search field, click on the Azure Alerts tile and click on Next.

  3. Give your alert source a name, optionally assign teams and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

  6. The next page shows additional settings such as custom alert templates or notification priority. Click on Finish setup for now.

  7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

In Azure: Create a query

  1. Go to the Azure Portal and then to Azure Sentinel.

  2. Create or choose a workspace, then go to Logs and create a query for which you’d like to create an alert.

  3. Click on the New alert rule button, then choose Create Azure Monitor alert.

  4. On the next page, change the Condition for the alerts and click on Add action groups.

  5. In the modal window, click on the Create action group button.

  6. On the next page, name the group (e.g. iLert) and click on the Actions tab.

  7. **On the Actions tab, click on the Action type and choose Webhook.**

  8. In the modal window, **paste the webhook URL that you generated in ilert into the URI field and click on OK**. Name the action (e.g. ilert) and click on the **Review + create** button.

  9. On the next page, click on the Create button.

  10. On the next page, scroll down to the Alert rule details section, name the alert rule and click on the Create alert rule button.

  11. Finished! Your Azure Sentinel alerts will now create alerts in ilert.
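The action group and webhook steps above can also be scripted with the Azure CLI. This is an added example, not part of the ilert documentation; it assumes `az` is installed and logged in, a placeholder resource group named `sentinel-rg`, and the webhook URL generated in ilert passed in `ILERT_WEBHOOK_URL`. Because that URL embeds your ilert key, the script refuses anything that is not `https://`.

```shell
#!/bin/sh
# Added example: create the "ilert" action group with a webhook receiver via az CLI.
# Assumptions: az is installed and logged in; RESOURCE_GROUP is a placeholder name;
# ILERT_WEBHOOK_URL holds the URL generated in ilert. The alert rule itself is
# still created in the portal as described above.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-sentinel-rg}"   # placeholder resource group
ACTION_GROUP_NAME="${ACTION_GROUP_NAME:-ilert}"
ILERT_WEBHOOK_URL="${ILERT_WEBHOOK_URL:-}"        # paste the URL generated in ilert

# The webhook URL is effectively a credential, so only accept https:// and non-empty.
validate_webhook_url() {
  case "$1" in
    https://?*) return 0 ;;
    *)          return 1 ;;
  esac
}

# Build the az command as a string so it can be reviewed or tested before it runs.
# Arguments: action group name, resource group, webhook URL.
# `--action webhook NAME URI` is the az syntax for adding a webhook receiver.
build_create_cmd() {
  printf 'az monitor action-group create --name %s --resource-group %s --short-name %s --action webhook %s %s' \
    "$1" "$2" "$1" "$1" "$3"
}

main() {
  if ! validate_webhook_url "$ILERT_WEBHOOK_URL"; then
    echo "ILERT_WEBHOOK_URL must be the https:// webhook URL from ilert" >&2
    return 1
  fi
  if ! command -v az >/dev/null 2>&1; then
    echo "az CLI not found" >&2
    return 1
  fi
  az monitor action-group create \
    --name "$ACTION_GROUP_NAME" --resource-group "$RESOURCE_GROUP" \
    --short-name "$ACTION_GROUP_NAME" \
    --action webhook "$ACTION_GROUP_NAME" "$ILERT_WEBHOOK_URL"
  # Verify the receiver was stored with the expected URI (az prints the resource as JSON).
  az monitor action-group show \
    --name "$ACTION_GROUP_NAME" --resource-group "$RESOURCE_GROUP" \
    --query "webhookReceivers[?name=='$ACTION_GROUP_NAME'].serviceUri" -o tsv
}

# Run only when invoked as: sh create_ilert_action_group.sh run
[ "${1:-}" = "run" ] && main
true
```

The alert rule created in the portal can then reference the `ilert` action group instead of creating a new one at step 5.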

FAQ

Will alerts in ilert be resolved automatically?

No, unfortunately Azure Sentinel alerts do not fire resolve events.

Can I connect Azure Sentinel with multiple alert sources from ilert?

Yes, simply create more alert rules in Azure Alerts.