Cisco Security and Microsoft Sentinel

How Microsoft Sentinel and Cisco Security work together

Microsoft Sentinel is a scalable, cloud-native solution that provides:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Microsoft Sentinel is your bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Product Integrations

  • Cisco XDR: Cisco is building an integration with Microsoft Sentinel and Cisco XDR.
  • Secure Network Analytics: Alerts can be sent from Secure Network Analytics to Sentinel through a native integration available on Azure Marketplace.
  • Secure Firewall: Microsoft Sentinel can collect CEF formatted event data from Secure Firewall via the Cisco eStreamer API. Sentinel customers can access documentation and software through the Azure Marketplace.
  • Oort: By integrating Oort audit logs into Sentinel Logs, users can:
      • Consume Oort failed user checks into Sentinel
      • Create scheduled tasks
      • Send audit records synchronously
      • Create automated responses with Sentinel's SOAR capabilities