Sentinel

Microsoft Azure Sentinel is a cloud-native, next-generation SIEM that is being rapidly adopted by some of our largest and most strategic customers. The Darktrace Immune System now integrates seamlessly with this technology.

A bespoke Darktrace workbook within Microsoft Sentinel allows security teams to send and visualize Darktrace alerts and Cyber AI Analyst incidents. The workbook contains a number of visualizations for cloud environments, Antigena actions, and an overview page which can display alerting over time and rank devices and alert activity by threat score and breach activity.

The integration also enables security teams to produce a high-level overview of compliance activity over time, allowing senior users to see the impact of Darktrace on compliance issues within their organizations.

[Figure: An overview page of the Darktrace Sentinel workbook showing model breaches over time]

View AI Analyst incidents within Sentinel

A crucial component of the integration is the ingestion of automatically investigated Cyber AI Analyst incidents into Sentinel. These can then be grouped by activity, and users can pivot back into the Darktrace Threat Visualizer with a single click for further investigation.

Within Sentinel, customers can send Cyber AI Analyst incidents directly to ticketing systems, and dedicated logic apps can then enrich endpoint data with threat intelligence. Turning a Cyber AI Analyst incident into an actionable ticket, enriched with data from the rest of the security stack, significantly reduces the manual workload on human teams.