This article will provide an overview of the "Bring Your Sentinel" ContraForce deployment method.
The "Bring Your Sentinel" model is best for organizations with existing Azure Sentinel environments, or organizations that want the maximum amount of control over their ContraForce and Sentinel environment. Existing Sentinel data sources and incidents will appear in ContraForce. Re-configuration of your Sentinel environment will not be required. The following steps will show the entire ContraForce onboarding process.
1. Sign In
The first step in onboarding is to sign-in to your Microsoft account that will be used for onboarding. This account must be a global admin, an owner of the Azure subscription housing the Sentinel environment, and able to consent enterprise applications.
Upon sign in, you will be shown application permission consent windows.
2. Choose Your Deployment Method
Step 3. Add Additional Users
While ContraForce is deploying resources, additional user accounts can be added to your ContraForce environment. The "Email" text box is searchable. As users are added, pick the required role for the user as well. The users added will receive an email notification that they have been added to ContraForce.
Step 4. Add Data Sources
The next step integrates data sources into your ContraForce environment. If your Sentinel already has data sources integrated, this step can be skipped. If there are no connected data sources, click "Add Your Connectors."
Additionally, the Integrations page can be accessed by clicking "Add Connectors" show in the top-bar of the ContraForce Command page during onboarding.
When viewing the Integrations page, various data sources that support API connections can be added to your ContraForce environment. The list of sources is below:
- Microsoft Office 365
- Azure Active Directory
- Azure Active Directory Identity Protection
- Microsoft Defender for Identity
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Cloud
If you do not see a required data source, contact the ContraForce team. Over 150 data sources are supported and the ContraForce team will help guide you on the integration steps needed for your data source requirements.
After selecting the data sources to connect, click "Configure" under "Manage" to finish the integration process. A "Connect" button will be shown.
Step 5: Consent Gamebooks Entities
After data sources have been configured, Gamebook entities can be consented for your ContraForce environment. If these entities are not consented, Gamebooks cannot be run within your ContraForce environment. The Gamebook Consent page within Settings can be accessed by clicking the button shown in the top bar of the ContraForce portal.
Click "Enable" to consent the required entities. Note that if no Endpoint (EDR) solution is connected to ContraForce, the "Enable" button will be hidden.
After consenting Gamebook entities, onboarding is completed. A "Onboarding Completed" message will be shown in the top bar.
Step 6. Manage Notification Preferences
At this point in the onboarding process, all infrastructure and permissions have been completed. The last step is to manage your notification preferences for your user. Email preferences are organized by incident severity. By un-toggling a severity, you will not receive email notifications for that severity of incident.
ContraForce onboarding has now been completed. The ContraForce Customer Success team will schedule a follow up technical session with you to review additional details of your ContraForce environment.
If you have any questions, feel free to contact us at email@example.com.