
Microsoft Sentinel


Version: 1.3
Updated: Sep 04, 2023

Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of security data from across an enterprise.

Actions

  • List Incident Comments (Enrichment) - Gather all comments for a specific incident.
  • Get Incident (Enrichment) - Get a specific incident.
  • List Incidents (Enrichment) - Get a list of all incidents.
  • Search Into Sentinel Events (Enrichment) - Run a query against Sentinel events.
  • List Incident Entities (Enrichment) - Get all incident related entities.
  • Add Incident Comment (Containment) - Add a new incident comment.
  • Delete Incident (Containment) - Delete an incident.
  • Update Incident (Containment) - Update an incident.
  • Microsoft Sentinel Incidents Daemon (Daemon) - Automatically pull all Sentinel incidents.
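
The incidents daemon above polls Sentinel and pulls incidents into the SOAR on a schedule. The following is an added example of the polling logic such a daemon needs, written for this page; it is not the Cloud SOAR integration's own code. It assumes the Azure REST shape of the Sentinel incidents endpoint (`.../providers/Microsoft.SecurityInsights/incidents` with `api-version`, `$filter`, `$orderby`, `$top`, and `nextLink` paging) and that `lastModifiedTimeUtc` is returned as an ISO-8601 string in UTC. Token acquisition is left to an injected `fetch_json` callable; the OAuth scope it requests is assumed to be what the integration's "Scope" field configures. The sample pages at the bottom are constructed, not real Sentinel data.

```python
"""Incremental pull of Microsoft Sentinel incidents with a modified-time watermark.

Added example, not integration code. Assumptions (not taken from the page):
  * endpoint shape of the Azure SecurityInsights incidents API and API version,
  * `lastModifiedTimeUtc` is an ISO-8601 UTC string, so same-format strings compare
    lexicographically in time order,
  * the HTTP GET (with bearer token) is injected as `fetch_json(url) -> dict`.
"""
from urllib.parse import urlencode

API_VERSION = "2023-02-01"  # assumed stable SecurityInsights API version


def incidents_url(subscription, resource_group, workspace, since_utc, top=50):
    """First-page URL: incidents modified at or after the watermark, oldest first,
    so the watermark can only move forward while walking the pages."""
    base = (f"https://management.azure.com/subscriptions/{subscription}"
            f"/resourceGroups/{resource_group}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
            f"/providers/Microsoft.SecurityInsights/incidents")
    params = {
        "api-version": API_VERSION,
        "$filter": f"properties/lastModifiedTimeUtc ge {since_utc}",
        "$orderby": "properties/lastModifiedTimeUtc asc",
        "$top": str(top),
    }
    return f"{base}?{urlencode(params, safe='$/:')}"


def pull_new_incidents(fetch_json, first_url, seen, watermark):
    """Walk every page through `nextLink` and return (new_incidents, watermark, seen).

    The filter uses `ge`, not `gt`, so an incident modified at exactly the watermark
    instant is not lost between polls; the price is that it is returned again on the
    next poll. `seen` holds (incident name, lastModifiedTimeUtc) pairs so such repeats
    are dropped, while a genuine later edit of the same incident is still emitted."""
    new = []
    url = first_url
    while url:
        page = fetch_json(url)
        for inc in page.get("value", []):
            modified = inc["properties"]["lastModifiedTimeUtc"]
            key = (inc["name"], modified)
            if key in seen:
                continue
            seen.add(key)
            new.append(inc)
            if modified > watermark:  # same-format UTC strings, safe to compare
                watermark = modified
        url = page.get("nextLink")  # absent on the last page
    return new, watermark, seen


# Constructed sample pages (not real Sentinel data): page1 links on to page2.
SAMPLE_PAGES = {
    "page1": {
        "value": [
            {"name": "inc-1", "properties": {"title": "Suspicious sign-in", "severity": "Medium",
                                             "lastModifiedTimeUtc": "2023-09-04T10:00:00Z"}},
            {"name": "inc-2", "properties": {"title": "Malware detected", "severity": "High",
                                             "lastModifiedTimeUtc": "2023-09-04T10:05:00Z"}},
        ],
        "nextLink": "page2",
    },
    "page2": {
        "value": [
            {"name": "inc-3", "properties": {"title": "Impossible travel", "severity": "Low",
                                             "lastModifiedTimeUtc": "2023-09-04T10:05:00Z"}},
        ],
    },
}


def fake_fetch(url):
    """Stand-in for the authenticated HTTP GET; ignores the filter and serves the pages."""
    return SAMPLE_PAGES[url]


def demo():
    """Two consecutive polls: the first pulls everything, the second (from the advanced
    watermark) sees the same rows again but emits nothing because they were seen."""
    seen = set()
    first, wm, seen = pull_new_incidents(fake_fetch, "page1", seen, "2023-09-04T10:00:00Z")
    second, wm2, seen = pull_new_incidents(fake_fetch, "page1", seen, wm)
    return [i["name"] for i in first], wm, [i["name"] for i in second], wm2


if __name__ == "__main__":
    print(demo())
```

Persist `watermark` and `seen` between daemon runs (the `seen` set only needs entries whose timestamp equals the current watermark; older ones can be pruned), and order by `lastModifiedTimeUtc` rather than `createdTimeUtc` so that status and owner changes made in the Sentinel portal are picked up as well.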

Change Log

  • September 2, 2020 - First upload
  • June 8, 2022 - Updated actions: added "Scope" field
  • July 11, 2023 (v1.2) - Updated the integration with Environmental Variables
  • September 4, 2023 (v1.3)
    • integration refactored
    • removed Alerts Daemon Sentinel (replaced by Microsoft Graph Security Alerts Daemon, in Graph Security integration)
    • renamed action Get Entities to List Incident Entities
    • renamed action Get Incident Comments to List Incident Comments
    • renamed action Get Incidents to List Incidents
    • renamed action Incidents Daemon Sentinel to Microsoft Sentinel Incidents Daemon
    • added new action List Incident Alerts

Copyright © 2024 by Sumo Logic, Inc.