11.1.0
Zurich, Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The Microsoft Azure Sentinel Incident Ingestion integration allows you to automatically retrieve incidents from Azure Sentinel, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discovery of Microsoft Azure Sentinel incidents that are candidates for security incidents, and automated creation of the corresponding security incidents.
- Mapping of Microsoft Azure Sentinel incident and entity fields to SIR security incident fields.
- Filtering of Microsoft Azure Sentinel incidents, so that only incidents matching your conditions are ingested.
- Aggregation of similar incidents into existing open security incidents, so that duplicate security incidents are not created.
- Automatic update of the Microsoft Azure Sentinel incident status when the corresponding SIR security incident is created or closed.
- Scheduled ingestion that creates security incidents periodically.
- Synchronization of Microsoft Azure Sentinel incident comments with SIR work notes.
New:
- Users with the "sn_si.ingestion_profile_admin" role can now manage ingestion profiles for the Azure Sentinel integration.
Fixed:
- The Category field of the Azure Sentinel import was not populated according to the field translation mapping in the sn_si_incident table. Users can now create multiple field translations for a single attribute.
- If a filter condition on the column 'properties(labels(labelName))' in the 'Azure Sentinel Incident Import' table had to match more than 40 characters of data, the condition failed and no security incident was created.
- An issue with the delimiter specified for multiple values on the mapping page.
- Field translation was not working in the Azure Sentinel mapping.
To install the integration, perform the following steps in order:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges required to install them, raise a support ticket to have these plugins installed.
- After these plugins are installed, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin and the Security Incident Response UI.