Microsoft Sentinel Integration
The Darktrace Immune System now integrates seamlessly with Microsoft Sentinel – a cloud-native, next-generation SIEM rapidly being adopted by organizations around the world.
A bespoke Darktrace Workbook allows security teams to send and visualize Darktrace alerts and Cyber AI Analyst incidents within Sentinel. These can be then grouped by activity, and users can pivot back into the Darktrace Threat Visualizer with a single click, allowing for further investigation. Users can take incidents from Cyber AI Analyst and create an actionable ticket, which can be enriched with other data, streamlining manual workloads for human teams.
The Workbook contains a number of visualizations for cloud environments and Antigena actions. The integration also enables security teams to produce a high-level overview of compliance activity over time, allowing senior users to see the impact of Darktrace on compliance issues within their organizations.