Digital Shadows SearchLight for Microsoft Sentinel
Solution: Digital Shadows
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Digital Shadows |
| Support Tier | Partner |
| Support Link | https://www.digitalshadows.com/ |
| Categories | domains |
| Version | 3.0.0 |
| Author | Digital Shadows - support@digitalshadows.com |
| Last Updated | 2025-12-14 |
| Solution Folder | Digital Shadows |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (56%) |
The Digital Shadows Solution provides ingestion of the incidents and alerts from Digital Shadows Searchlight into the Microsoft Sentinel using the REST API.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
Contents
Data Connectors
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
DigitalShadows_CL 🔶 |
Digital Shadows Searchlight | Analytics, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 4 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 2 |
| Workbooks | 1 |
| Playbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Digital Shadows Incident Creation for exclude-app | Medium | - | DigitalShadows_CL |
| Digital Shadows Incident Creation for include-app | Medium | - | DigitalShadows_CL |
Workbooks
| Name | Tables Used |
|---|---|
| DigitalShadows | DigitalShadows_CL |
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| Digital Shadows Playbook to Update Incident Status | This playbook will update the status of Microsoft Sentinel incidents to match the status of the aler... | - |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 30-11-2023 | Added new Entity Mapping to Analytic Rules |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊