Skip to main content

Microsoft Sentinel

Download With Dependencies

Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise.

Use the Azure Sentinel integration to get and manage incidents and get related entity information for incidents.
​

What does this pack do?

  • Gets a single incident or a list of incidents from Azure Sentinel.
  • Gets a list of watchlists from Azure Sentinel.
  • Creates, updates, or deletes a watchlist in Azure Sentinel.
  • Updates or deletes a single incident in Azure Sentinel.
  • Gets, adds, or deletes the comments of an incident from Azure Sentinel.
  • Gets a list of an incident's related entities from Azure Sentinel.
  • Gets a list of an incident's entities from Azure Sentinel.
  • Gets a list of an incident's alerts from Azure Sentinel.
  • Get a single watchlist item or list of watchlist items.
  • Creates, updates, deletes a watchlist item.
  • Returns a list of threat indicators.
  • Returns a list of threat indicators with specific entities.
  • Creates, updates, or deletes a threat indicator.
  • Appends new tags to an existing indicator.
  • Replaces the tags of a given indicator.

Pack Contributors:

  • ClĂ©ment Verhille

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Use the Azure Sentinel integration to get and manage incidents and get related entity information for incidents.
​

What does this pack do?

  • Gets a single incident or a list of incidents from Azure Sentinel.
  • Gets a list of watchlists from Azure Sentinel.
  • Creates, updates, or deletes a watchlist in Azure Sentinel.
  • Updates or deletes a single incident in Azure Sentinel.
  • Gets, adds, or deletes the comments of an incident from Azure Sentinel.
  • Gets a list of an incident's related entities from Azure Sentinel.
  • Gets a list of an incident's entities from Azure Sentinel.
  • Gets a list of an incident's alerts from Azure Sentinel.
  • Get a single watchlist item or list of watchlist items.
  • Creates, updates, deletes a watchlist item.
  • Returns a list of threat indicators.
  • Returns a list of threat indicators with specific entities.
  • Creates, updates, or deletes a threat indicator.
  • Appends new tags to an existing indicator.
  • Replaces the tags of a given indicator.

Pack Contributors:

  • ClĂ©ment Verhille

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedSeptember 7, 2020
Last ReleaseDecember 4, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.