The first step in the integration is to create the Azure Sentinel integration. To add it, provide the workspace ID and primary key in the API request body. Both values can be obtained from the Azure workspace that you create. You can specify other optional parameters (base category, minimum severity, etc.) as required.
Once the Azure Sentinel integration is created, the response returns a unique integration identifier (id) for it.
API Request
curl --location --request POST "<qualys_gateway_url>/partner-integration/azure/sentinel" -H "Authorization: Bearer <token>" -H "Content-Type: application/json" --data @integration.json
Note: "integration.json" contains the request POST data.
Request POST Data (integration.json)
{
  "workspaceId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "primaryKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "minSeverity": 4,
  "baseCategory": "Potential",
  "customLogName": "QUALYS_FINDINGS",
  "name": "Sample Integration",
  "resultSectionNeeded": false,
  "apiVersion": "2016-04-01"
}
JSON Output
{
  "integrationId": 68
}
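Because integration.json carries the workspace primary key, the following added example (not part of the Qualys documentation) writes the file with owner-only permissions and takes the key from an environment variable so that it never appears on a command line. The variable name SENTINEL_PRIMARY_KEY and the function names are assumptions, as are the checks that the key is base64 and that minSeverity is on the 1-5 Qualys severity scale.

```shell
#!/bin/sh
# Added example: build integration.json without exposing the primary key.
# SENTINEL_PRIMARY_KEY and all function names are assumptions, not Qualys names.

# Succeeds only for the 8-4-4-4-12 hex layout shown for workspaceId.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Succeeds only for a non-empty base64 string (assumption: the key is base64).
is_base64() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# Usage: write_integration_json WORKSPACE_ID MIN_SEVERITY OUTFILE
# The key is read from $SENTINEL_PRIMARY_KEY, so it is not visible in argv.
write_integration_json() {
    ws=$1; sev=$2; out=$3
    is_guid "$ws" || { echo "workspaceId is not a GUID" >&2; return 2; }
    is_base64 "${SENTINEL_PRIMARY_KEY:-}" ||
        { echo "primaryKey is missing or not base64" >&2; return 3; }
    case $sev in
        [1-5]) ;;
        *) echo "minSeverity must be 1-5" >&2; return 4 ;;
    esac
    (
        umask 077            # new file is readable by its owner only
        rm -f -- "$out"      # drop any older copy with looser permissions
        # Inputs were validated above, so no JSON escaping is needed.
        printf '{\n' > "$out"
        printf '  "workspaceId": "%s",\n' "$ws" >> "$out"
        printf '  "primaryKey": "%s",\n' "$SENTINEL_PRIMARY_KEY" >> "$out"
        printf '  "minSeverity": %s,\n' "$sev" >> "$out"
        printf '  "baseCategory": "Potential",\n' >> "$out"
        printf '  "customLogName": "QUALYS_FINDINGS",\n' >> "$out"
        printf '  "name": "Sample Integration",\n' >> "$out"
        printf '  "resultSectionNeeded": false,\n' >> "$out"
        printf '  "apiVersion": "2016-04-01"\n}\n' >> "$out"
    )
}
```

Pass the resulting file to the request with --data @integration.json and delete it once the integration has been created.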