Last Updated on August 13, 2025 by Arnav Sharma
I recently compiled all (all of the available resources in TF) the components and deployed them using Terraform.
To deploy a complete setup, just change 3 inputs and the complete sentinel solution should be up and running in 10-15 mins.
Here’s the code to set up Sentinel using Terraform and Terragrut.
Repo: sharmaarnav/as-sentinel (github.com)
Changes needed to deploy Sentinel: Go to the terragrunt.hcl file in the production folder and modify:
- Prefix – this sets names for all resources
- Location
- And set if you have enabled P2 license in AD and E5 in O365. (Set the value to 0 if you don’t have a license and set 1 if you have activated the license)
No other changes are needed apart from the basics (authentication, terraform and terragrunt)
Resources Deployed:
- A resource group
- Log Analytics Workspace
- Solution – SecurityInsights
- Sentinel Fusion Alert Rule.
- Sentinel Machine Learning Behavior Analytics Alert Rule.
- Sentinel MS Security Incident Alert Rule.
- Sentinel Scheduled Alert Rule.
- Sentinel Automation Rule.
- Connector to O365
- Connector to AAD
- Connector to App Security
- Connector to ATP
- Connector to Microsoft Defender ATP
- Connector to Cloud Security
The code:
Source modules: as-sentinel/Modules at main ยท sharmaarnav/as-sentinel (github.com)
Live Repo: as-sentinel/SentinelLiveRepo/Production at main ยท sharmaarnav/as-sentinel (github.com)
To Deploy:
- Fork the repo and clone to your system. Open the related path using VSCode or other tools.
- Browse to the production folder and update the terragrunt.hcl file.
- Use terragrunt run-all apply command to deploy.
(PS – You need to install Terragrunt and Terraform to have this up and running)
Code Structure:
Red: Modules
Yellow: Live code
