Integration to Azure Log Analytics and Sentinel and ASC

OpenCTI-Platform / connectors

OpenCTI Connectors

https://www.opencti.io

Apache License 2.0

374 stars 403 forks source link

Open Stoffe opened 4 years ago

Stoffe commented 4 years ago

Integration to Azure Log Analytics and Sentinel to be able to get both logs as well as incidents created by the Sentinel and Azure Security Center.

Integration to Azure Log Analytics and Sentinel to be able to get both logs as well as incidents created by the Sentinel and Azure Security Center.

See docs.microsoft.com for information

itsvrl commented 2 years ago

This is a great feature! Can't wait til it's implemented! This is generate tons of use cases!

lnfernux commented 2 years ago

This is a great feature! Can't wait til it's implemented! This is generate tons of use cases!

Same!

Brekket commented 2 years ago

+1 on this feature, would perfectly fit use-cases for CTI work on Sentinel alarms.

SamuelHassine commented 2 years ago

2 connectors here:

EXTERNAL IMPORT : Import alarms from Azure Sentinel as Incident and Import "matches" as Sightings
ENRICHMENT : Be able to ask for log extraction about a speciific observable / indicator

Related to #779