The ExtraHop integration with Microsoft Azure Sentinel combines what Reveal(x) does best—provide complete visibility, real-time threat detection, and guided investigation—with Azure Sentinel's cloud-native security information and event management capabilities.
Watch the video below to learn more, and continue reading for a deeper description of how the integration works, why it's valuable, and how to get started.
How It Works
Reveal(x) analyzes network traffic in the east-west corridor, filling in visibility gaps left by data sources your Azure Sentinel SIEM already uses. With cloud-scale machine learning-powered behavioral detections, Reveal(x) is able to send high-fidelity alerts to Azure Sentinel for further investigation and/or response.
Why It's Valuable
Network data and behavioral detections from ExtraHop Reveal(x) supplement the log data already in your Azure Sentinel SIEM to increase visibility and detect threats across Azure workloads in real time. With automated asset discovery, classification, and dependency mapping, Reveal(x) helps reduce risks like misconfigurations, insecure APIs, and unauthorized access.
The Reveal(x) integration with Azure Sentinel enables security teams to orchestrate and automate responses through playbooks based on their unique security policies, for faster response and remediation.
The Reveal(x) data connector allows Azure Sentinel to automatically import wire and detection data into a dedicated workbook located in the Sentinel user interface.
By clicking into the ExtraHop workbook, you gain a complete picture of suspicious or anomalous behavior occurring anywhere in your hybrid environment. You can view detections in a timeline, as well as by category, IP address, and more.
Reveal(x) detection data also integrates with custom Jupyter notebooks that SecOps and DevOps teams can use to conduct more in-depth investigations and hunt for threats.
How to Get Started
To get started using the Reveal(x) integration with Azure Sentinel:
- Visit the ExtraHop Bundles Gallery to download the ExtraHop Detection SIEM Connector bundle.
- Go to your Azure Sentinel workspace, select Data connectors from the menu, and then select the ExtraHop Reveal(x) connector to begin setting up the connection.
If you would like more information about the ExtraHop Reveal(x) integration with Azure Sentinel, please visit our Microsoft integration page.