Sentinel Connect Docs – BuildThingsDigital

General

Why must I relogin every 24 hours?

Sentinel Connect is handled as Single-Page-App and handles the login via Browser. OAuth and Microsoft want to reduce security risk by limiting the lifetime of tokens to 24 hours. https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas#security-implications-of-refresh-tokens-in-the-browser

Are more features to come?

We plan more features within the app. It depends on User feedback, given APIs and device optimization (not everything makes sense on a smartphone display).

Can I give feedback?

Yes please! Write a mail to: info@buildthingsdigital.com

Technical Topics

What Microsoft APIs are used?

Incidents:

Comments:

Watchlists:

Watchlists – List: https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/watchlists/list
Watchlist Items – List: Watchlist Items – List – REST API (Azure Sentinel) | Microsoft Docs

Analytics Rules:

Alert Rules – List: Alert Rules – List – REST API (Azure Sentinel) | Microsoft Docs
Alert Rules – Get: Alert Rules – Get – REST API (Azure Sentinel) | Microsoft Docs

Why does the app need the permission "user impersonation"?

Sentinel APIs require the scope “user_impersonation”. See the example at Get Incident: https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/incidents/get#scopes

Security & Privacy

Where can I find the privacy policy?

Here is our privacy policy: Privacy Policy

Are any data exported, shared or synced?

No! We do not export, share or sync the data. The app is standalone, does not save data from Sentinel and we do not track you or your usage of the app. We save the connection data, you provide, locally on the device in a 256-bit AES encrypted SQLite database.