Microsoft Sentinel Threat Intelligence Integration

PrecisionSec’s Threat Intelligence integrates seamlessly with Microsoft Sentinel, Microsoft’s cloud-native SIEM solution, bringing curated threat intelligence data directly into your workspace. Leveraging the Microsoft Security Graph API, our integration gives you easy access to all of your threat intelligence data directly from the Sentinel dashboard.


Investigate

Microsoft Sentinel Threat Intelligence integration automatically identifies potential incidents, allowing you to focus resources on more proactive activities.

Integrate

Microsoft Sentinel support provides seamless integration with the popular SIEM product using the Microsoft Security Graph API, allowing you to quickly ingest and correlate potential threats against collected log data.

Correlate

Quickly correlate Threat Intelligence Indicators with asset logging data using our pre-built Analytics queries – no need to write any Kusto Query Language (KQL) queries by hand.

Automatically Create Incidents based on Custom Analytics Rules

We provide a number of pre-built Analytics rules which complement our Threat Intelligence integration. These rules enable analysts to schedule searches that correlate user activity against known-bad threat data and flag any potential incidents. Incident creation is handled automatically, enabling analysts to focus on more proactive hunting tasks.

Automatically generated incidents are handled using the Alerts feature of Microsoft Sentinel and will appear under the Incidents subcategory of “Threat Management.” Analysts can easily kick off additional investigative tasks from here such as running playbooks or creating additional automation rules.
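To show what a scheduled analytics rule of this kind does under the hood, here is an added illustrative KQL query. It is not PrecisionSec’s pre-built rule, and it assumes the standard Sentinel tables: ThreatIntelligenceIndicator (where indicators pushed through the Graph Security API land), DnsEvents (DNS query logs) and CommonSecurityLog (CEF firewall or proxy logs). It matches domain indicators against DNS resolutions and IPv4 indicators against outbound destination IPs, keeping only active, unexpired indicators so stale IOCs do not generate incidents.

```kusto
// Added example, not PrecisionSec’s own query. Assumes DnsEvents and
// CommonSecurityLog are populated by your own data connectors.
let ioc_lookback = 14d;   // how far back to consider indicator records
let log_lookback = 1h;    // window of client activity to correlate (rule frequency)
// Keep only active, unexpired indicators and the latest version of each one.
let indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookback)
    | where ExpirationDateTime > now()
    | where Active == true
    | summarize arg_max(TimeGenerated, *) by IndicatorId;
// Domain indicators against DNS query names.
let dns_hits = indicators
    | where isnotempty(DomainName)
    | join kind=inner (
        DnsEvents
        | where TimeGenerated >= ago(log_lookback)
        | where isnotempty(Name)
        | extend EventTime = TimeGenerated
    ) on $left.DomainName == $right.Name
    | project EventTime, Source = "DNS", Indicator = DomainName,
              ClientIP, ThreatType, ConfidenceScore, Description;
// IPv4 indicators against outbound connection destinations in CEF logs.
let ip_hits = indicators
    | where isnotempty(NetworkIP)
    | join kind=inner (
        CommonSecurityLog
        | where TimeGenerated >= ago(log_lookback)
        | where isnotempty(DestinationIP)
        | extend EventTime = TimeGenerated
    ) on $left.NetworkIP == $right.DestinationIP
    | project EventTime, Source = "CEF", Indicator = NetworkIP,
              ClientIP = SourceIP, ThreatType, ConfidenceScore, Description;
// One row per matching client; map ClientIP to the IP entity in the rule’s
// entity mapping so the generated incident carries the affected host.
union dns_hits, ip_hits
| summarize FirstSeen = min(EventTime), LastSeen = max(EventTime), Hits = count()
    by ClientIP, Indicator, Source, ThreatType, ConfidenceScore, Description
| order by LastSeen desc
```

When saved as a scheduled analytics rule with a one-hour frequency and lookback matching `log_lookback`, each result row becomes an alert, and alert grouping turns related rows into a single incident under Threat Management. Raising the `ConfidenceScore` threshold or filtering `ThreatType` is the usual first step if the rule is too noisy.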


Curated Threat Intelligence for Microsoft Sentinel

  • Thousands of IOCs per day pushed seamlessly into your workspace using the Microsoft Security Graph API
  • Quickly identify clients that have connected to malicious IPs or resolved malicious domain names
  • Automated incident creation using custom pre-built Analytics rules
  • Supplemental indicator context including:
    • Malware family
    • C2 information (domains, URLs and IPv4 addresses)
    • Campaign and botnet IDs
  • High-fidelity identification and classification of precursor malware and C2 frameworks such as Cobalt Strike


Request a Demo