Illumio for Microsoft Sentinel (SIEM) Connector

Solution: IllumioSaaS

IllumioSaaS Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Solutions Index

Attribute Value
Publisher Illumio
Support Tier Partner
Support Link https://www.illumio.com/support/support
Categories domains
Version 3.4.0
Author app-integrations@illumio.com
First Published 2024-05-13
Last Updated 2026-04-02
Solution Folder IllumioSaaS
Marketplace Azure Marketplace · Popularity: 🔵 Medium (70%)

**1. Azure Function App: **

IllumioSaaS solution provides ability to ingest auditable and flow events from AWS S3 bucket.

**2. Codeless Connector Framework (CCF): **

IllumioSaaS CCF solution provides ability to ingest flow events from AWS S3 bucket.

Contents

Data Connectors

This solution provides 1 data connector(s) (plus 1 discovered⚠️):

🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.

Tables Used

This solution uses 5 table(s):

Table Used By Connectors Used By Content
IllumioFlowEventsV2_CL Illumio Saas -
Illumio_Auditable_Events_CL Illumio SaaS Analytics, Workbooks
Illumio_Flow_Events_CL Illumio SaaS Workbooks
Illumio_Workloads_Summarized_API_CL - Workbooks
Syslog - Analytics, Workbooks

Content Items

This solution includes 15 content item(s):

Content Type Count
Analytic Rules 6
Workbooks 4
Playbooks 3
Parsers 2

Analytic Rules

Name Severity Tactics Tables Used
Illumio Enforcement Change Analytic Rule Medium DefenseEvasion Illumio_Auditable_Events_CL
Syslog
Illumio Firewall Tampering Analytic Rule Medium DefenseEvasion Illumio_Auditable_Events_CL
Syslog
Illumio VEN Clone Detection Rule High DefenseEvasion Illumio_Auditable_Events_CL
Syslog
Illumio VEN Deactivated Detection Rule High DefenseEvasion Illumio_Auditable_Events_CL
Syslog
Illumio VEN Offline Detection Rule High DefenseEvasion Illumio_Auditable_Events_CL
Syslog
Illumio VEN Suspend Detection Rule High DefenseEvasion Illumio_Auditable_Events_CL
Syslog

Workbooks

Name Tables Used
IllumioAuditableEvents Illumio_Auditable_Events_CL
Syslog
IllumioFlowData Illumio_Flow_Events_CL
Syslog
IllumioOnPremHealth Syslog
IllumioWorkloadsStats Illumio_Workloads_Summarized_API_CL

Playbooks

Name Description Tables Used
Illumio Containment Switch Playbook This playbook leverages Illumio workloads API to contain and isolate a workload based on user inputs... -
Illumio Get Ven Details Playbook This playbook leverages Illumio workloads API to enrich IP, Hostname and Labels, found in Microsoft ... -
Illumio Workload Quarantine Playbook This playbook leverages Illumio workloads API to quarantine a workload based on user inputs. <img sr... -

Parsers

Name Description Tables Used
IllumioSyslogAuditEvents - Syslog (read)
IllumioSyslogNetworkTrafficEvents - IllumioFlowEventsV2_CL (read)
Syslog (read)

Release Notes

Version Date Modified (DD-MM-YYYY) Change History
3.4.1 13-03-2026 Update function app to use Managed Identity.
3.4.0 03-02-2025 Added 2 new Parser.
Added new connectorid SyslogAma to Analytic Rules.
Resolved Playbook deployment error.
Made minor visualization changes to Workbooks.
3.3.0 12-12-2024 Version fixed 3.2.3 to 3.3.0.
3.2.2 24-10-2024 Bump up package to 3.2.2 version.
3.2.0 01-10-2024 Added new Analytic Rules.
3.1.0 04-08-2024 Solution packaged with Modified logo link.
3.0.0 13-05-2024 Initial Solution Release.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Solutions Index