Simplifying Threat Investigations: New HYAS Insight Playbooks for Microsoft Azure Sentinel
Posted by HYAS | December 9 2020
The HYAS Insight Logic Apps connector for Microsoft Azure Sentinel was announced and generally available in October and is already accelerating threat investigations for enterprises using Azure Sentinel. One nifty feature of Azure Sentinel that helps automate processes is playbooks. Playbooks in Azure Sentinel are a collection of procedures that can be run in response to an alert. A security playbook can help you automate and orchestrate a response and can be run manually or set to run automatically when specific alerts are triggered. While you can build your own playbooks inside Azure Sentinel, HYAS has now published preconfigured playbooks that you can use to enrich Azure Sentinel with HYAS reference information to help simplify and automate investigations.
HYAS and Azure Sentinel Empower Security Teams
For those that have not explored it, Azure Sentinel is a cloud-native, next-generation SIEM that transforms how security teams triage incidents in their organizations. Security teams can quickly be up, running, and responding to alerts to supercharge threat investigations and automate incident response at scale.
HYAS has a huge data lake of accumulated knowledge around adversary infrastructure that can inform and accelerate investigations. HYAS Insight connects specific attack instances and campaigns to billions of historical and real-time indicators of compromise approximately 3X faster than conventional approaches, dramatically increasing efficiency and delivering critical results with the speed required by modern businesses.
To simplify and streamline using the HYAS Insight integration for Azure Sentinel, we created a series of 13 playbooks covering a variety of scenarios. The new playbooks are available at https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks and cover the following scenarios:
Enjoy automating and speeding your investigations with these new playbooks for Azure Sentinel! To learn more about HYAS Insight and the integration with Azure Sentinel, read the solution brief or request a demo (we LOVE giving demos!).
