Version: 11.0.22
Compatible releases: Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The Microsoft Azure Sentinel Incident Ingestion integration allows you to automatically retrieve incidents from Azure Sentinel, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discover Microsoft Azure Sentinel incidents that are candidates for security incidents and automate the creation of security incidents.
- Map Microsoft Azure Sentinel incident and entity fields to SIR security incident fields.
- Filter Microsoft Azure Sentinel incidents so that only relevant ones are ingested.
- Aggregate similar incidents into existing open security incidents so that you don't have to create duplicate security incidents.
- Automatically update the Microsoft Azure Sentinel incident status when the corresponding SIR security incident is created or closed.
- Ingest incidents on a schedule so that security incidents are created periodically.
- Synchronize Microsoft Azure Sentinel incident comments with SIR work notes.
Fixed:
These defects are fixed:
- Techniques are missing from the Azure Sentinel payload.
- The Azure Sentinel integration supports only a single alert link in the SIR work notes and adds an extra comma when an incident has multiple alerts.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the necessary privileges, raise a support ticket to have these plugins installed.
- After installing those plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin and the Security Incident Response UI.