Solution: Red Sift
| Attribute | Value |
|---|---|
| Publisher | Red Sift |
| Support Tier | Partner |
| Support Link | https://www.redsift.com/contact |
| Categories | Security - Threat Protection, Identity |
| Version | 3.0.0 |
| Author | Red Sift - support@redsift.com |
| First Published | 2026-04-10 |
| Last Updated | 2026-06-04 |
| Solution Folder | Red Sift |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The Red Sift solution for Microsoft Sentinel provides the capability to ingest authentication events from Red Sift Pulse and email forensics events from OnDMARC into your Microsoft Sentinel workspace using the Codeless Connector Framework (CCF) Push pattern.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
c. Codeless Connector Framework
This solution provides 1 data connector(s):
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| RedSiftAuth_CL | Red Sift Events (CCP Push) | Analytics |
| RedSiftEmailForensics_CL | Red Sift Events (CCP Push) | Analytics |
This solution includes 5 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 5 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Red Sift - Email with URL to previously unseen domain | Medium | InitialAccess | RedSiftEmailForensics_CL |
| Red Sift - Login from previously unseen IP address | Medium | InitialAccess | RedSiftAuth_CL |
| Red Sift - MFA disabled on account | High | DefenseEvasion | RedSiftAuth_CL |
| Red Sift - New email with URL from previously unseen sender | Medium | InitialAccess | RedSiftEmailForensics_CL |
| Red Sift - New email with URL from previously unseen source | Medium | InitialAccess | RedSiftEmailForensics_CL |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 10-04-2026 | Initial release with CCF Data Connector and 5 Analytic Rules |