⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 2.0.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2021-10-18 |
| Solution Folder | IronNet IronDefense |
The IronNet Collective Defense solution ingests IronDefense alerts, events, and IronDome notifications into Microsoft Sentinel, so that Microsoft Sentinel can use IronDefense's behavioral analytics and the IronDome community to quickly identify threats in your enterprise network.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Agent-based log collection (CEF over Syslog)
This solution provides 1 data connector(s):
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| CommonSecurityLog | IronNet IronDefense | Analytics, Workbooks |
This solution includes 6 content item(s) (3 in solution, 3 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Playbooks | 3 | 0 | 3 |
| Workbooks | 2 | 2 | - |
| Analytic Rules | 1 | 1 | - |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Create Incidents from IronDefense | Medium | - | CommonSecurityLog |
| Name | Tables Used |
|---|---|
| IronDefenseAlertDashboard | CommonSecurityLog |
| IronDefenseAlertDetails | CommonSecurityLog |
| Name | Description | Tables Used |
|---|---|---|
| IronNet_UpdateIronDefenseAlerts ⚠️ | author: IronNet | - |
| IronNet_UpdateSentinelIncidents ⚠️ | author: IronNet | - |
| IronNet_Validate_IronNet_API ⚠️ | author: IronNet | - |
⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.