Microsoft Sentinel is a scalable, cloud-native solution that provides:
- Security information and event management (SIEM)
- Security orchestration, automation, and response (SOAR)
Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Microsoft Sentinel is your bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.
- Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
Product Integrations
- Cisco XDR: Microsoft Sentinel - Export Incident Summary (Cisco Managed)
This incident response workflow allows you to export a summary of an XDR incident to a Microsoft Sentinel custom table from a playbook or by using an automation rule. When the workflow is used in a playbook, the user initiates the export. When the workflow is used with an incident automation rule, the export can run automatically when an incident is created.
- Secure Network Analytics: Alerts can be sent from Secure Network Analytics to Sentinel through a native integration available on Azure Marketplace.
- Secure Firewall: Microsoft Sentinel can collect CEF-formatted event data from Secure Firewall via the Cisco eStreamer API. Sentinel customers can access the documentation and software through the Azure Marketplace.
- Oort: By integrating Oort audit logs into Sentinel Logs, users can:
  - Consume Oort failed user checks in Sentinel
  - Create scheduled tasks
  - Send audit records synchronously
  - Create automated responses with Sentinel's SOAR capabilities