Azure Sentinel

Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise.

Use the Azure Sentinel integration to get and manage incidents and get related entity information for incidents.

What does this pack do?

  • Gets a single incident or a list of incidents from Azure Sentinel.
  • Gets a list of watchlists from Azure Sentinel.
  • Creates, updates, or deletes a watchlist in Azure Sentinel.
  • Updates or deletes a single incident in Azure Sentinel.
  • Gets, adds, or deletes the comments of an incident from Azure Sentinel.
  • Gets a list of an incident's related entities from Azure Sentinel.
  • Gets a list of an incident's entities from Azure Sentinel.
  • Gets a list of an incident's alerts from Azure Sentinel.
  • Gets a single watchlist item or a list of watchlist items.
  • Creates, updates, or deletes a watchlist item.
  • Returns a list of threat indicators.
  • Returns a list of threat indicators with specific entities.
  • Creates, updates, or deletes a threat indicator.
  • Appends new tags to an existing indicator.
  • Replaces the tags of a given indicator.

PUBLISHER

Cortex XSOAR

INFO

Supported By: Cortex XSOAR
Created: September 7, 2020
Last Release: April 25, 2022