Platform guide
Threat Informed Defense
Configuration of Connector

Sentinel

Prerequisite

You have to get the AIShield AI Security Monitoring app for Microsoft Sentinel from the Azure Marketplace to get started with the steps below.

Detailed steps

Deploy the AIShield AI Security Monitoring for Microsoft Sentinel app to your Microsoft Sentinel-enabled Log Analytics workspace. The following components will be deployed with this installation:

- Data connector: Azure Sentinel enables you to use data connectors to configure connections with the AIShield product.
- Parser: parsers are built as user-defined functions that transform the data in an existing table into the normalized schema.
- Analytics rules: scheduled analytics rules are based on built-in queries written by the AIShield team to create security alerts/incidents.

Please follow the steps below to install the AIShield AI Security Monitoring connector:

1. Go to the Azure Marketplace, search for "AIShield AI Security Monitoring app for Microsoft Sentinel" and click Get It Now.
2. You will be redirected to the solution installation page; click the Create button. After clicking Create, the page shows you the components and their details. Select the subscription and resource group in which the Log Analytics workspace resides, then review the details and click Create. This deploys all the components into the Sentinel-enabled Log Analytics workspace.

You will be able to see the deployed components as follows:

- Data connector: go to the Data connectors page and search for AIShield; you will see the AIShield data connector page.
- Parser: Log Analytics workspace > Functions; you will see the parser there.
- Analytics rule: Microsoft Sentinel Analytics is where you set up the rules that find issues with the AI.

After setting up everything, you will get two important values from the AIShield data connector page in your Microsoft Sentinel workspace:

- Customer ID (azure_log_customer_id)
- Shared key (azure_log_shared_key)

You need to take these values and put them into the AIShield Threat Informed Defense app. Please go through the readme.txt file provided with the AIShield Threat Informed Endpoint Defense (EDR) and follow the defense connector steps below for the setup.

Defense connector

You can download the defense artifact after your job runs successfully. The defense artifact contains the defense model in H5 and ONNX formats, one Python file, and a readme file describing the steps to follow to use it. Assuming you have already downloaded the artifact, you can follow the steps below to configure the defense with the Azure Sentinel and Splunk connector.

The AIShield-provided Threat Informed Defense model zip folder contains the following files:

1. Defense model architecture image
2. Defense model classification report image
3. Defense model confusion matrix image
4. Defense model (H5 format)
5. Defense model (ONNX format)
6. predict.py
7. readme.txt

The following steps describe the procedure to integrate and test the AIShield-provided Threat Informed Defense model.

Step 1: Install the Python packages

```shell
pip install numpy
pip install tqdm
pip install tensorflow
pip install opencv-python   # provides the cv2 module imported below
```

Step 2: Import AISDefenseModel and the necessary libraries

```python
from predict import AISDefenseModel
import tensorflow
import cv2
import numpy as np
```

Step 3: Load the TensorFlow model. The defense_model_path variable stores the file path on the local system where the defense model is expected to be found.

```python
defense_model = tensorflow.keras.models.load_model(defense_model_path)
```

Step 4: Create the AISDefenseModel with the connector

```python
model = AISDefenseModel(defense_model, azure_log_customer_id, azure_log_shared_key)
```

Parameters:

- azure_log_customer_id: Azure object ID (workspace ID) of your workspace, used to log event data
- azure_log_shared_key: primary key of the Log Analytics workspace, used to log event data

Step 5: Test the AISDefenseModel. Load the necessary data and use the AIShield-provided attack data for testing the defense model.

```python
# load_data is your own loader for the AIShield-provided attack data files
attack_data = load_data(attack_data_list)
model.predict(attack_data)
```

Once the AIShield-provided Threat Informed Endpoint Defense (EDR) app is sending logs to Microsoft Sentinel, you will be able to see the logs using the parser name or the table name: l_aishield or AIShield_CL.

If you have any questions or need any help related to this integration, please get in touch with AIShield at aishield.contact@bosch.com.
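As an added example, not code from the AIShield page or its predict.py, the snippet below shows how the two Step 4 values are used if the connector posts events to the Azure Monitor HTTP Data Collector API (an assumption; the page does not name the API): the customer ID selects the workspace endpoint, and the shared key never leaves the client, it only signs each request with HMAC-SHA256, which is why it must be protected like a password. The function names, the SAMPLE_* values and the "AIShield" log type are assumptions; the log type is what makes rows appear in the AIShield_CL table.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption (not stated on the AIShield page): the connector posts its events to
# the Azure Monitor HTTP Data Collector API, which authenticates every request
# with an HMAC-SHA256 "SharedKey" signature built from the workspace primary key.
RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"


def build_signature(customer_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json"):
    """Return the Authorization header value for one Data Collector request."""
    string_to_sign = (f"{method}\n{content_length}\n{content_type}\n"
                      f"x-ms-date:{rfc1123_date}\n{RESOURCE}")
    key = base64.b64decode(shared_key)  # the workspace primary key is base64
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {customer_id}:{base64.b64encode(digest).decode()}"


def build_request(customer_id, shared_key, log_type, records, now=None):
    """Assemble URL, headers and body without sending anything (offline check)."""
    now = now or datetime.now(timezone.utc)
    rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records).encode("utf-8")
    return {
        "url": f"https://{customer_id}.ods.opinsights.azure.com"
               f"{RESOURCE}?api-version={API_VERSION}",
        "headers": {
            "Content-Type": "application/json",
            "Authorization": build_signature(customer_id, shared_key,
                                             rfc1123_date, len(body)),
            "Log-Type": log_type,  # rows land in the custom table {log_type}_CL
            "x-ms-date": rfc1123_date,
        },
        "body": body,
    }


# Constructed sample values; the real ones come from the AIShield data connector page.
SAMPLE_CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_SHARED_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode()
SAMPLE_RECORDS = [{"event": "attack_detected", "model": "defense_model", "confidence": 0.97}]

if __name__ == "__main__":
    req = build_request(SAMPLE_CUSTOMER_ID, SAMPLE_SHARED_KEY, "AIShield", SAMPLE_RECORDS)
    print(req["headers"]["Authorization"])
```

Because the signature covers the date, method, content length and path, a captured request cannot be replayed with a different body, and the shared key itself is never transmitted.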