Create Microsoft Sentinel Step Integration in Torq
Create a new App Registration in Entra ID.
Add the following required API permissions:
Copy the following information from App Registration into a secure location; you will need it when you create the integration in Torq:
Copy the following from your Sentinel Deployment settings:
Grant your app registration access to your Microsoft Sentinel subscription so that it can read and write incidents.
Navigate to your Azure Subscriptions and select the subscription where your Azure Sentinel workspaces are active.
Select the Microsoft Incident Responder role.
In the members section, select the App Registration that was previously created.
Add the app as a member of the Microsoft Incident Responder role under Access Control (IAM).
Click Save.
Create Microsoft Sentinel Step Integration in Torq
Go to Build > Integrations > Steps > Microsoft Sentinel, and click Add.
Give the integration a unique and meaningful name.
Paste the Tenant ID from step 3b.
Paste the Application Client ID from step 3a.
Paste the Application Client Secret from step 3c.
Paste the Subscription ID from step 4a.
Click Add.