Endace Vision for Microsoft Sentinel

Solution: Endace



Publisher: Endace
Support Tier: Partner
Support Link: https://endace.com
Categories: domains
Version: 3.0.0
Author: Endace - support@endace.com
First Published: 2025-03-24
Last Updated: 2026-01-27
Solution Folder: Endace
Marketplace: Azure Marketplace (Popularity: Very Low, 0%)
Pre-requisites: endace-usa-limited.azure-sentinel-solution-commoneventformat

The Endace (https://www.endace.com) solution for Microsoft Sentinel enables you to create Pivot-to-Vision URL links from alerts in your CEF logs.

Pivot-to-Vision links take you directly from an alert to viewing the related packets of interest in EndaceVision, Endace's traffic analysis application. In EndaceVision, you can further analyze the incident and zoom in to inspect decoded, full packet data.

The KQL in this solution can easily be adapted for other threat-hunting uses, such as tickets, workbooks, and anywhere else KQL is used.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 1 table from its content items:

Table: CommonSecurityLog (used by: Hunting)

Content Items

This solution includes 1 content item:

Hunting Queries: 1

Hunting Queries

Name: Endace - Pivot-to-Vision
Tactics: ResourceDevelopment, InitialAccess, Discovery, LateralMovement, CommandandControl, Exfiltration
Tables Used: CommonSecurityLog

Release Notes

Version 3.0.0 (date modified 30-06-2025, DD-MM-YYYY): Initial Release
