How do I deploy the NC Protect Data Connector for Microsoft Sentinel from Azure Marketplace?

Instructions on how to deploy the NC Protect Data Connector to a Sentinel-enabled Log Analytics Workspace (LAW).

The NC Protect Data Connector for Microsoft Sentinel enables customers to easily ingest user activity and logs collected in NC Protect and push them into Microsoft Sentinel to analyze the data at cloud scale using pre-built workbooks, as well as trigger alerts. NC Protect’s Data Connector for Microsoft Sentinel is deployed to a Sentinel-enabled Log Analytics Workspace (LAW). 

For more information or to download the NC Protect Data Connector from the Azure Marketplace, refer to: https://azuremarketplace.microsoft.com/en/marketplace/apps/nucleuscyber.nc-protect-azure-sentinel-data-connector?tab=Overview 

Deployment Instructions

To deploy and use the NC Protect Data Connector for Microsoft Sentinel, follow the steps below.

  1. Pre-requisites

    1. The NC Protect Data Connector for Microsoft Sentinel is free to NC Protect users. A valid instance of NC Protect for Microsoft 365 is required in order to use the connector.
    2. Create and elevate an Azure Log Analytics Workspace as a Sentinel Workspace. For more information, see "Quickstart: Onboard in Microsoft Sentinel" on Microsoft Learn.

      NOTE: After successfully creating the LAW from the Microsoft Sentinel page, verify that the LAW created has been added to Microsoft Sentinel by going back to the Microsoft Sentinel menu and clicking Add.
    3. Ensure NC Protect for M365 is installed. Then configure the SIEM options to point to this LAW (refer to the NC Protect for M365 installation guide).
  2. Deploy the NC Protect Data Connector for Microsoft Sentinel

    1. Go to the Azure Marketplace NC Protect Data Connector offer, using this link:
      https://azuremarketplace.microsoft.com/en/marketplace/apps/nucleuscyber.nc-protect-azure-sentinel-data-connector?tab=Overview
    2. Click Get it Now and, after logging in with the appropriate credentials (see the Quickstart link above), click Create:
      Sentinel Fig 1
    3. Select the Subscription, Resource Group and Sentinel-enabled LAW as defined in Pre-requisite 1 above.
      Sentinel Fig 2
    4. Complete the deployment by clicking Next (Data Connectors -> Workbooks, both of which are contained in the NC Protect Data Connector pack).
    5. Click on Review + Create to proceed with the Validation.
    6. Once Validation is passed, review the Terms of Use and your subscription details, then click Create. This proceeds with the deployment of the various resources:

      Sentinel Fig 3
    7. From the Microsoft Sentinel page, select the Workspace, Configuration > Data Connectors and search for “NC Protect”.
      Sentinel Fig 4
    8. Click Open Connector page to open the NC Protect Data Connector for Sentinel page. This highlights the next steps to perform, such as configuring NC Protect with the details required to populate the Logs.
      Sentinel Fig 5
    9. Take note of the Workspace ID and Primary Key values. These 2 values will be used when configuring NC Protect for M365 for Microsoft Sentinel.

Refer to the NC Protect for M365 Installation Guide for more information.
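
The Workspace ID and Primary Key noted in step 9 are the two values the Azure Monitor HTTP Data Collector API uses to authenticate uploads. As an added example (not code from NC Protect or from this guide), the Python below checks both values for the expected format and shows how a client signs an upload with them, which is why the Primary Key should be stored and handled as a secret. It assumes NC Protect sends logs through that API, which this page does not state; the `ExampleLog` table name and all sample values are constructed.

```python
import base64
import hashlib
import hmac
import uuid
from email.utils import formatdate

RESOURCE = "/api/logs"           # path component that is part of the signed string
CONTENT_TYPE = "application/json"

def check_credentials(workspace_id: str, primary_key: str) -> bytes:
    """Validate the two values copied from the connector page; return the raw key."""
    uuid.UUID(workspace_id)                              # Workspace ID is a GUID
    return base64.b64decode(primary_key, validate=True)  # key is base64 text

def build_headers(workspace_id, primary_key, body: bytes, log_type, date=None):
    """Headers for POST https://<workspace_id>.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"""
    key = check_credentials(workspace_id, primary_key)
    date = date or formatdate(usegmt=True)               # RFC 1123 timestamp in GMT
    # The signature covers method, body length, content type, date and path.
    to_sign = f"POST\n{len(body)}\n{CONTENT_TYPE}\nx-ms-date:{date}\n{RESOURCE}"
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,                            # custom table name
        "x-ms-date": date,
        "Authorization": f"SharedKey {workspace_id}:{signature}",
    }

# Constructed sample values, not real credentials or real NC Protect records.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_PRIMARY_KEY = base64.b64encode(b"\x01" * 64).decode("ascii")
SAMPLE_BODY = b'[{"User": "alice@example.com", "Action": "FileViewed"}]'

if __name__ == "__main__":
    headers = build_headers(SAMPLE_WORKSPACE_ID, SAMPLE_PRIMARY_KEY,
                            SAMPLE_BODY, "ExampleLog")   # hypothetical table name
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Because the signature depends only on the Primary Key and the request metadata, possession of the key is sufficient to write records into the workspace; keep it in a secrets store and regenerate it if it is exposed.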