Microsoft & Cybersixgill Integration

About Microsoft Sentinel

Microsoft Sentinel (previously Azure Sentinel), is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that provides users with a birds-eye view across their enterprise. Microsoft Sentinel makes threat detection and response smarter and faster with artificial intelligence (AI), eliminating security infrastructure setup and maintenance and elastically scales to meet changing security needs.

The Challenge

As organizational infrastructures become more complex, security processes are significantly increasing in importance. Faced with a constant flow of log data and alerts, security teams feel overwhelmed. Without real-time threat intelligence from the clear, deep and dark web feeding into SIEM and SOAR solutions to help teams prioritize alerts, it is impossible to successfully implement a robust security program.

The Solution

With Darkfeed, Microsoft Sentinel users can get real-time warnings about malicious IOCs and block items that threaten their organization by harnessing Cybersixgill’s unmatched intelligence collection capabilities. Sentinel users can consume Darkfeed in one of two ways: integrate Darkfeed into Microsoft Sentinel or automatically enrich IOCs from Microsoft Sentinel, gaining unparalleled context with essential explanations of Microsoft Sentinel’s IOCs.

Darkfeed’s contextual threat intelligence is highly accurate, comprehensive, covert and automated. The feed is structured in the STIX format, using TAXII protocol to allow Microsoft Sentinel users to automatically consume and integrate it with their security systems, processes and methodologies.