As organizations’ digital estates grow, so does the volume of security data. Per a detailed study by Microsoft’s Enterprise Strategy Group (ESG), 76% of organizations report an increase in security data that continues to grow. To shore up their defenses, enterprises have deployed dozens of security products, each producing a large volume of alerts. In isolation, these products may have high false-positive rates and poor response prioritization, resulting in deafening alert noise. As a result, organizations report that 44% of alerts are never investigated. Part of the reason these alerts fall through the cracks is a massive shortage of security professionals.
This is where Microsoft Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) platform, enables organizations to achieve more: it taps into the scale and intelligence of the cloud to deliver instant value to defenders, auto-scales to enterprise needs, and improves the effectiveness of security operations using Artificial Intelligence (AI) and automation.
In the Hackathon Spring 2022, Microsoft challenged security experts around the globe to build end-to-end cybersecurity solutions for Microsoft Sentinel that deliver enterprise value by collecting data, managing security, and detecting, hunting, investigating, and responding to cybersecurity threats.
A brief summary of the project:
Inspira Enterprise Cyber Security experts participated in the Hackathon 2022 and secured second place by jury selection with their Palo Alto Cortex XDR integration with Microsoft Sentinel.
The project created a custom parser for ingesting Palo Alto Cortex XDR logs into Microsoft Sentinel, along with custom analytics rules, workbooks, dashboards, and SOAR playbooks for automated enrichment, triage, and response.
Following is the solution from the winning team, Krishnan Kartik, Santosh Kumar and Vikas Chaturvedi of Inspira Enterprises. It gives customers the ability to collect audit logs and incidents from Cortex XDR and provides data enrichment, visualization, and automated incident response with SOAR capabilities in Microsoft Sentinel.