Dragos Platform integration with Microsoft Sentinel
Solution: Dragos
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Dragos Inc |
| Support Tier | Partner |
| Support Link | https://www.dragos.com |
| Categories | domains |
| Version | 3.0.0 |
| Author | Dragos Inc. - support@dragos.com |
| First Published | 2025-01-23 |
| Last Updated | 2025-01-23 |
| Solution Folder | Dragos |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (41%) |
| Pre-requisites | Common Event Format |
The Dragos Platform is the leading Industrial Cyber Security platform it offers a comprehensive Operational Technology (OT) cyber threat detection built by unrivaled industrial cybersecurity expertise. This solution enables Dragos Platform notification data to be viewed in Microsoft Sentinel so that security analysts are able to triage potential cyber security events occurring in their industrial environments.
Contents
Pre-requisites
This solution depends on 1 other solution(s):
| Solution |
|---|
| Common Event Format |
Data Connectors
This solution provides 1 data connector(s):
Connectors from dependency solutions:
- Common Event Format (CEF) (dependency on Common Event Format)
- Common Event Format (CEF) via AMA (dependency on Common Event Format)
Tables Used
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
CommonSecurityLog |
Common Event Format (CEF) (dependency), Common Event Format (CEF) via AMA (dependency) | - |
DragosAlerts_CL |
Dragos Notifications via Cloud Sitestore | - |
Internal Tables
The following 1 table(s) are used internally by this solution's content items:
| Table | Used By Connectors | Used By Content |
|---|---|---|
SecurityAlert |
- | Analytics |
Content Items
This solution includes 5 content item(s):
| Content Type | Count |
|---|---|
| Parsers | 4 |
| Analytic Rules | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Dragos Notifications | Medium | - | Internal use:SecurityAlert |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| DragosNotificationsToSentinel | - | Internal use:SecurityAlert (read) |
| DragosPullNotificationsToSentinel | - | DragosAlerts_CL (read)Internal use: SecurityAlert (read) |
| DragosPushNotificationsToSentinel | - | CommonSecurityLog (read) |
| DragosSeverityToSentinelSeverity | - | - |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 10-01-2025 | Initial solution release. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊