Blog

ExtraHop Reveal(x) + Microsoft Azure Sentinel

Enhance Your SIEM with Cloud-Native NDR

ExtraHop

September 30, 2021

The ExtraHop integration with Microsoft Azure Sentinel combines what Reveal(x) 360 does best—providing packet-level visibility, real-time threat detection, and fast investigation with Azure Sentinel's cloud-native security information and event management capabilities.

Watch the video below to learn more, and continue reading for a deeper description of how the integration works, why it's valuable, and how to integrate SaaS-based Reveal(x) 360 network detection and response (NDR) to your Azure Sentinel SIEM.

How It Works + Why It's Valuable + How to Integrate

How It Works

Reveal(x) 360 monitors and analyzes network traffic in the east-west corridor, filling in visibility gaps left by data sources your Azure Sentinel SIEM already uses. With cloud-scale machine learning-powered behavioral detections, Reveal(x) 360 is able to send high-fidelity alerts to Azure Sentinel for further investigation and/or response.

Why It's Valuable

Network data and behavioral detections from Reveal(x) 360 supplement the log data your Azure Sentinel SIEM already uses to increase visibility and detect threats across Azure workloads in real time. With automated asset discovery, classification, and dependency mapping, Reveal(x) 360 provides an always up-to-date inventory of assets in Azure and hybrid environments.

The Reveal(x) 360 integration with Azure Sentinel also enables security teams to orchestrate and automate responses through playbooks based on their unique security policies for faster remediation:

The Reveal(x) data connector allows Azure Sentinel to automatically import wire and detection data to a dedicated workbook conveniently located in the Sentinel user interface:

By clicking into the ExtraHop workbook, you gain a complete picture of suspicious or anomalous behavior occurring anywhere in your Azure or hybrid environment. You can view detections in a timeline, as well as by category, IP address, and more:

Reveal(x) 360 detection data also integrates with custom Jupyter notebooks that SecOps can use to conduct more in-depth investigations and hunt for threats:

How to Integrate SaaS-based NDR to Your Azure Sentinel SIEM

To get started using the Reveal(x) integration with Azure Sentinel:

Go to your Azure Sentinel workspace, select data connectors from the menu, and then select the ExtraHop Reveal(x) connector to begin setting up the connection.

If you would like more information about the ExtraHop Reveal(x) integration with Azure Sentinel, please visit our Microsoft integration page.

To try Reveal(x) 360 for yourself, head to our online demo—a full, unthrottled version of our NDR solution running on example data.

Discover more

RevealXCybersecurityPerformanceTechLaunches

Explore related articles

SIEM Alone Won't Stop Advanced Threats. Integrated NDR & SIEM Can. Here's Why.

July 29, 2021

Learn about the benefits of integrating NDR and SIEM to defend your organization against advanced threats.

CybersecurityNDRSecurity Frameworks

Read article

The Importance of Network Data in Securing Cloud Workloads

April 29, 2021

Cloud workloads are uniquely challenging to secure, from varying applications to shifting workloads. Learn how network data can help.

CybersecurityNDR

Read article

NDR and the SOC Visibility Triad

September 11, 2019

Learn how network detection and response (NDR) completes the SOC Visibility Triad and complements EDR and SIEM tools.

CybersecurityIndustry TrendsTechNDRDecryptionRevealX

Read article

Experience RevealX NDR for Yourself

Schedule a demo

RevealX platform

Deployment

Integrations

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Solutions

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Digital Transformation

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

Why ExtraHop

Customer Stories

News

Careers

Technology Partners

Channel Partners

Managed Service Providers

Service Credits

Resident Experts

Deployments

Customer Community

Technical Support

Education Services

C-Level

Security Threats

Company

Products

How-To

NDR

NPM

Ransomware

Zero Trust

Reports

Demos & Videos

Customer Stories

Webinars

Briefs

At-a-glance

Papers & E-books

Datasheets

Events

Network Protocols

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation