Version: 11.0.24
Supported releases: Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The Microsoft Azure Sentinel Incident Ingestion integration allows you to automatically retrieve incidents from Azure Sentinel, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discover Microsoft Azure Sentinel incidents that are candidates for security incidents and automate the creation of security incidents.
- Mapping of Microsoft Azure Sentinel incident and entity fields to SIR security incident fields.
- Filtering of Microsoft Azure Sentinel incidents.
- Aggregation of similar incidents into existing open security incidents so that you don't have to create duplicate security incidents.
- Automatic Microsoft Azure Sentinel incident status update on SIR security incident creation and closure.
- Scheduled, periodic ingestion of incidents that creates security incidents.
- Synchronization of Microsoft Azure Sentinel incident comments with SIR work notes.
Changed:
- Introduced support for polling closed incidents during ongoing ingestion processes. Additionally, a new `state` field has been added to the mapping section.
Fixed:
- Multiple issues have been addressed and resolved as part of this release.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the necessary privileges, raise a support ticket to have these plugins installed.
- After installing the plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin and the Security Incident Response UI.