
Jan 14, 2025
1.2.2
ThreatQ versions >= 4.37.0
CDF for Microsoft Azure Sentinel Incidents
Overview
Microsoft Sentinel is an Azure service whose purpose is to alert SOCs to potential compromise. The Microsoft Azure Sentinel Incidents CDF retrieves those incidents into ThreatQ.
The Microsoft Azure Sentinel Incidents CDF provides the following feeds:
- Microsoft Azure Sentinel Incidents - retrieves a list of incidents.
- Microsoft Azure Sentinel - Authentication (supplemental) - authenticates against Sentinel.
- Microsoft Azure Sentinel - Incidents Relations (supplemental) - retrieves all relations for a given incident.
- Microsoft Azure Sentinel - Entity Details (supplemental) - retrieves context for each entity related to an incident in the incident list by expanding the entity.
- Microsoft Azure Sentinel - Entity Indicators (supplemental) - retrieves a list of indicators, emails, malware and attributes for each entity related to an incident in the incident list.
The integration ingests the following system objects into the ThreatQ platform:
- Incidents
- Indicators