PARTNER INTEGRATION

Microsoft Sentinel

Visit Site

Microsoft Sentinel is a scalable, cloud-native solution that provides: Security information and event management (SIEM) Security orchestration, automation, and response (SOAR) Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Integrated Dataminr Products
Agentic Threat Intelligence Platform
Investigation Insights

Microsoft Azure Sentinel

With the Microsoft Azure Sentinel Playbook app and Service app, you can better manage and ingest Incidents and Alerts in Azure Sentinel. Dataminr provides context on indicators and enables you to easily spot abnormal trends and patterns to act on them efficiently. Additionally, analysts working in Azure Sentinel can view real-time indicator enrichment, add indicators back into Dataminr, and record false positives. You can then tie your data to Playbooks to automate nearly any cybersecurity task and respond to threats faster directly from Azure Sentinel – as well as send data to other tools like your EDR or Network Security tools for alerting or blocking purposes. The following actions are available:

  • Create Incident Comment
  • Get Alert
  • Get Incident
  • List Alerts
  • List Incidents
  • Update Incident

These apps can be found in the Dataminr App Catalog under the names: Microsoft Azure Sentinel (Playbook), Microsoft Azure Sentinel (Custom Trigger)

Microsoft Sentinel with Investigation Insights

The Investigation Insights – Microsoft Sentinel integration enables analysts to quickly query indicators within Sentinel, allowing analysts to quickly make decisions. The Sentinel integration queries the threat intelligence and geo location information in Sentinel as well as enables analysts to add a Kusto Query, to query Sentinel logs.

Examples

Microsoft Sentinel Data Overview – Threat Intelligence

  • Summary Tags: When an analyst runs a search on an indicator with Microsoft Sentinel they will quickly be able to see the number of associated logs, geographic associations and if there is any threat intelligence about the indicators. Enabling them to quickly triage indicators.
  • Threat Intel Details: When drilling into the details of the integration analysts can quickly triage the threat intelligence information. Quickly being able to tell when the threat intel was created, where it came from the confidence of the threat and any associated tags.

Microsoft Sentinel Data Overview – Kusto Query Logs

  • Kusto Query Details: When drilling into the details of the integration, analysts can quickly see the associated logs in the Kusto Query Logs section of the integration details. Being able to tell exactly where the logs came from and any associated context coming from the query.

Note this data will vary depending on the query that has been set up for the integration.

Microsoft Sentinel Data Overview – Geo Location

  • Geo Location: When drilling into the details of the integration analysts can quickly see the geo location information if there is any associated with the indicator. Quickly being able to tell if there was where the indicator originated from.

Microsoft Azure ADFS errors with Investigation Insights

The Investigation Insights – Azure ADFS Errors integration allows analysts to quickly look up the ADFS error codes further providing context around what the error is and how to troubleshoot it.

Looking for Integration Not Shown

Contact Us