The HYAS Insight Logic Apps connector for Microsoft Azure Sentinel was announced and generally available in October and is already accelerating threat investigations for enterprises using Azure Sentinel. One nifty feature of Azure Sentinel that helps automate processes is playbooks. Playbooks in Azure Sentinel are a collection of procedures that can be run in response to an alert. A security playbook can help you automate and orchestrate a response and can be run manually or set to run automatically when specific alerts are triggered. While you can build your own playbooks inside Azure Sentinel, HYAS has now published preconfigured playbooks that you can use to enrich Azure Sentinel with HYAS reference information to help simplify and automate investigations.
HYAS and Azure Sentinel Empower Security Teams
For those that have not explored it, Azure Sentinel is a cloud-native, next-generation SIEM that transforms how security teams triage incidents in their organizations. Security teams can quickly be up, running, and responding to alerts to supercharge threat investigations and automate incident response at scale.
HYAS has a huge data lake of accumulated knowledge around adversary infrastructure that can inform and accelerate investigations. HYAS Insight connects specific attack instances and campaigns to billions of historical and real-time indicators of compromise approximately 3X faster than conventional approaches, dramatically increasing efficiency and delivering critical results with the speed required by modern businesses.
To simplify and streamline using the HYAS Insight integration for Azure Sentinel, we created a series of 13 playbooks covering a variety of scenarios. The new playbooks are available at https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks and cover the following scenarios:
Playbook template names:
- Retrieve Current WHOIS Information for domain
- Retrieve Historic WHOIS Information for domain
- Retrieve Passive DNS Information for domain
- Retrieve Geo Information for IPv4 address
- Retrieve Geo Information for IPv6 address
- Retrieve Dynamic DNS Information for IP address
- Retrieve Passive DNS Information for IP address
- Retrieve Passive Hash Information for IP address
- Retrieve Sinkhole Information for IP address
- Retrieve SSL Certificate Information for IP address
- Retrieve Dynamic DNS Information for email address
- Retrieve Historic WHOIS Information for email address
- Retrieve Historic WHOIS Information for phone number
Importing HYAS Insight Playbook Templates for Azure Sentinel
You can use the Microsoft instructions available from https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks#instructions-for-deploying-a-custom-template for deploying the HYAS Insight playbook templates.
Enjoy automating and speeding your investigations with these new playbooks for Azure Sentinel! To learn more about HYAS Insight and the integration with Azure Sentinel, read the solution brief or request a demo (we LOVE giving demos!).