Overview
Implement the Azure AD OAuth2 client-credentials flow to authenticate against the Microsoft Sentinel / Log Analytics API. This is the foundation for all live data queries.
Technical approach
frontend/src/lib/sentinel.js — authentication + query runner module- Flow: client credentials → Azure AD token endpoint → bearer token → Log Analytics query API
- Token cached in memory, refreshed 60 seconds before expiry
- Query function:
runKQL(workspaceId, kql) → returns rows or throws on error
- All calls go through a Vercel
/api/sentinel proxy endpoint to avoid CORS (client secret stays server-side)
Acceptance criteria
Part of
Epic #118 — Phase 2 Live Sentinel integration
Depends on: #135 (workspace config UI)
Overview
Implement the Azure AD OAuth2 client-credentials flow to authenticate against the Microsoft Sentinel / Log Analytics API. This is the foundation for all live data queries.
Technical approach
frontend/src/lib/sentinel.js— authentication + query runner modulerunKQL(workspaceId, kql)→ returns rows or throws on error/api/sentinelproxy endpoint to avoid CORS (client secret stays server-side)Acceptance criteria
frontend/src/lib/sentinel.jscreated withauthenticate()andrunKQL()exportsfrontend/api/sentinel.jsVercel edge function createdPart of
Epic #118 — Phase 2 Live Sentinel integration
Depends on: #135 (workspace config UI)