Simplifying Threat Investigations: New HYAS Insight Playbooks for Microsoft Azure Sentinel

The HYAS Insight Logic Apps connector for Microsoft Azure Sentinel was announced and became generally available in October, and it is already accelerating threat investigations for enterprises using Azure Sentinel. One nifty feature of Azure Sentinel that helps automate processes is playbooks. Playbooks in Azure Sentinel are a collection of procedures that can be run in response to an alert. A security playbook can help you automate and orchestrate a response and can be run manually or set to run automatically when specific alerts are triggered. While you can build your own playbooks inside Azure Sentinel, HYAS has now published preconfigured playbooks that you can use to enrich Azure Sentinel with HYAS reference information to help simplify and automate investigations.

HYAS and Azure Sentinel Empower Security Teams

For those who have not explored it, Azure Sentinel is a cloud-native, next-generation SIEM that transforms how security teams triage incidents in their organizations. Security teams can quickly be up, running, and responding to alerts to supercharge threat investigations and automate incident response at scale.

HYAS has a huge data lake of accumulated knowledge around adversary infrastructure that can inform and accelerate investigations. HYAS Insight connects specific attack instances and campaigns to billions of historical and real-time indicators of compromise approximately 3X faster than conventional approaches, dramatically increasing efficiency and delivering critical results with the speed required by modern businesses.

To simplify and streamline using the HYAS Insight integration for Azure Sentinel, we created a series of 13 playbooks covering a variety of scenarios. The new playbooks are available at and cover the following scenarios:

Retrieve Current WHOIS Information for domain
Retrieve Historic WHOIS Information for domain
Retrieve Passive DNS Information for domain
Retrieve Geo Information for IPv4 address
Retrieve Geo Information for IPv6 address
Retrieve Dynamic DNS Information for IP address
Retrieve Passive DNS Information for IP address
Retrieve Passive Hash Information for IP address
Retrieve Sinkhole Information for IP address
Retrieve SSL certificate Information for IP address
Retrieve Dynamic DNS Information for email address
Retrieve Historic WHOIS Information for email address
Retrieve Historic WHOIS Information for phone number

Importing HYAS Insight Playbook Templates for Azure Sentinel

You can use the Microsoft instructions available from for deploying the HYAS Insight playbook templates.


Enjoy automating and speeding your investigations with these new playbooks for Azure Sentinel! To learn more about HYAS Insight and the integration with Azure Sentinel, read the solution brief or request a demo (we LOVE giving demos!).