Cyware for Microsoft Sentinel

Solution: Cyware



Attribute | Value
--- | ---
Publisher | Cyware
Support Tier | Partner
Categories | domains
Version | 3.0.0
Author | Cyware - support@cyware.com
First Published | 2024-03-18
Last Updated | 2024-03-18
Solution Folder | Cyware
Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Cyware solution for Microsoft Sentinel allows users to integrate Cyware and Microsoft Sentinel. Users can send events from Microsoft Sentinel to Cyware for further analysis. This solution also enables users to implement hunting queries that match events that are sent to Microsoft Sentinel from Cyware's Intel Exchange.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 3 table(s) from its content items:

Table | Used By Content
--- | ---
CommonSecurityLog | Hunting
DeviceNetworkEvents | Hunting
DeviceProcessEvents | Hunting

Content Items

This solution includes 4 content item(s):

Content Type | Count
--- | ---
Hunting Queries | 3
Playbooks | 1

Hunting Queries

Name | Tactics | Tables Used
--- | --- | ---
Detecting Suspicious PowerShell Command Executions | Execution | DeviceProcessEvents
Detecting Suspicious PowerShell Command Executions | CommandAndControl | DeviceNetworkEvents
Match Cyware Intel Watchlist Items With Common Logs | CommandAndControl, Execution | CommonSecurityLog

Playbooks

Name | Description | Tables Used
--- | --- | ---
Send Microsoft Sentinel Incident To Cyware Orchestrate | Send Microsoft Sentinel Incident To Cyware Orchestrate | -

Release Notes

Version | Date Modified (DD-MM-YYYY) | Change History
--- | --- | ---
3.0.0 | 06-03-2024 | Initial Solution Release
