Microsoft Sentinel Threat Intelligence Integration
PrecisionSec’s Threat Intelligence integrates seamlessly with Microsoft Sentinel, Microsoft’s Cloud-native SIEM Solution, bringing you curated threat intelligence data directly into your workspace. Leveraging the Microsoft Security Graph API, our integration provides easy access to all of your threat intelligence data directly from the Sentinel dashboard.
Automatically Create Incidents based on Custom Analytics Rules
We provide a number of pre-built Analytics rules which complement our Threat Intelligence integration. These rules enable analysts to schedule searches that correlate user activity against know bad threat data and any flag potential incidents. Incident creation is handled automatically – enabling analysts to focus on more proactive hunting tasks.
Automatically generated incidents are handled using the Alerts feature of Microsoft Sentinel and will appear under the Incidents subcategory of “Threat Management.” Analysts can easily kick off additional investigative tasks from here such as running playbooks or creating additional automation rules.
Curated Threat Intelligence for Microsoft Sentinel
- Thousands of IOC’s per day pushed seamlessly into your workspace using the Microsoft Security Graph API
- Quickly identify clients that have connected to malicious IPs or resolved malicious domain names
- Automated incident creation using custom pre-built Analytics rules
- Supplemental indicator context including:
- Malware family
- C2 information (domains, URL’s and IPv4 addresses)
- Campaign and botnet ID’s
- High fidelity identification and classification of precursor malware and C2 frameworks such as Cobalt Strike
