Microsoft

SIEM

Pull and Push Finished Intelligence With Bidirectional Azure Sentinel Integration

Pull enriched IOCs from the IntSights Threat Intelligence Platform (TIP) and correlate them with organization-specific threat indicators detected in the Sentinel environment.

Website: https://azure.microsoft.com/en-us/services/azure-sentinel/

Twitter: @azuresentinel

IntSights for Azure Sentinel
See “Integrate a Microsoft Azure Sentinel Cloud Device” in the IntSights External Threat Protection User Guide for details on how to configure this integration.

Integration Snapshot

The IOCs dashboard displays all IOCs sent from IntSights, categorized by severity and type.

  • Pull IOCs from the IntSights TIP and correlate them with organization-specific threat indicators found within your Azure Sentinel environment.

  • Gain visibility of all IOCs sent to Azure Sentinel SIEM as well as active IOCs within your Azure Sentinel environment.

  • Access threat indicators continuously enriched with valuable context including related malware, threat actors, and campaigns.

Integration Benefits

  • Automatic export of IntSights threat intelligence, including IOCs from multiple sources, to your Azure Sentinel environment

  • Built-in dashboard visibility of all IOCs sent to Azure Sentinel, including critical indicators detected in your environment

  • Correlations to top malware, threat actors, and attack vectors specifically related to your digital assets

  • Advanced alert triage and investigation within the IntSights Investigation module