
Microsoft Azure Sentinel

Product
Developers: Microsoft
Last Release Date: 2021/04/23
Technology: SaaS - Software as a Service, Information Security - Security Information and Event Management (SIEM)


Microsoft Azure Sentinel is a scalable, cloud-based security information and event management (SIEM) solution that also provides security orchestration and automated response (SOAR). Azure Sentinel delivers security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive threat hunting, and threat response.

2021: Integration with Group-IB Threat Intelligence & Attribution

On April 23, 2021, Microsoft and Group-IB announced the integration of Azure Sentinel, a cloud-based information security management solution, with the Group-IB Threat Intelligence & Attribution (TI & A) cyber attack research and attribution system.

Within the project, the Group-IB and Microsoft developers set out to load the Group-IB TI & A knowledge bases into Azure Sentinel, so that relevant TI indicators are automatically searched for and detected in the logs of the organization's data sources for further study and analysis.

"As part of the implementation of this project, we solved the tasks of automated delivery of current compromise indicators from Group-IB TI & A to Azure Sentinel for further investigation and analysis of threats," emphasizes Stanislav Fesenko, head of the Group-IB system solutions department. "This approach will allow companies to increase the speed of response of internal teams to a potential incident and strengthen the protection of IT infrastructure through the capabilities of hunting to prevent cybercrimes even at the stage of their preparation."