Blog
ExtraHop Reveal(x) + Microsoft Azure Sentinel
Enhance Your SIEM with Cloud-Native NDR
ExtraHop
September 30, 2021
The ExtraHop integration with Microsoft Azure Sentinel combines what RevealX 360 does best—providing packet-level visibility, real-time threat detection, and fast investigation with Azure Sentinel's cloud-native security information and event management capabilities.
Watch the video below to learn more, and continue reading for a deeper description of how the integration works, why it's valuable, and how to integrate SaaS-based RevealX network detection and response (NDR) to your Azure Sentinel SIEM.
How It Works + Why It's Valuable + How to Integrate
How It Works
RevealX monitors and analyzes network traffic in the east-west corridor, filling in visibility gaps left by data sources your Azure Sentinel SIEM already uses. With cloud-scale machine learning-powered behavioral detections, RevealX is able to send high-fidelity alerts to Azure Sentinel for further investigation and/or response.
Why It's Valuable
Network data and behavioral detections from RevealX supplement the log data your Azure Sentinel SIEM already uses to increase visibility and detect threats across Azure workloads in real time. With automated asset discovery, classification, and dependency mapping, RevealX provides an always up-to-date inventory of assets in Azure and hybrid environments.
The RevealX integration with Azure Sentinel also enables security teams to orchestrate and automate responses through playbooks based on their unique security policies for faster remediation:
The RevealX data connector allows Azure Sentinel to automatically import wire and detection data to a dedicated workbook conveniently located in the Sentinel user interface:
By clicking into the ExtraHop workbook, you gain a complete picture of suspicious or anomalous behavior occurring anywhere in your Azure or hybrid environment. You can view detections in a timeline, as well as by category, IP address, and more:
RevealX detection data also integrates with custom Jupyter notebooks that SecOps can use to conduct more in-depth investigations and hunt for threats:
How to Integrate SaaS-based NDR to Your Azure Sentinel SIEM
To get started using the RevealX integration with Azure Sentinel:
- Go to your Azure Sentinel workspace, select data connectors from the menu, and then select the ExtraHop RevealX connector to begin setting up the connection.
If you would like more information about the ExtraHop RevealX integration with Azure Sentinel, please visit our Microsoft integration page.
To try RevealX for yourself, head to our online demo—a full, unthrottled version of our NDR solution running on example data.
Discover more