Configure SafeTitan Portal
After you've configured permissions for Microsoft Graph on your app, you can update your Orchestrator configuration in the SafeTitan portal.
Go to your SafeTitan portal, and select Real-Time Integrations > Orchestrator Settings.
Select Generate Orchestration Package, which will add a new Orchestrator configuration to the list.
Select the Edit
button next to the Orchestrator package that was generated.In the window that opens, complete the following fields:
Name: Enter a label for the Orchestrator. This can be a useful identifier in a multi-orchestrator setup.
Tenant ID: Enter the name or ID of your Azure Tenant.
Application ID: Enter the value that was provided for your Application ID when you created your application registration in Azure, step 5.
Application Secret: Enter the value that was provided during the generation of your Application Secret, step 3.
Event Grid Endpoint: This is a pre-populated field containing the endpoint used by the Orchestrator to forward events to SafeTitan cloud platform.
Event Grid Shared Access Signature: This is a pre-populated field that is used to authenticate connections to the Event Grid endpoint.
AD Identifier: The default value here is mail. Instead, enter the Azure AD attribute that houses the user's SafeTitan username.
Select Save.
Next, you need to integrate your chosen SIEM / Network monitoring application.