SailPoint for Microsoft Sentinel
Solution: SailPointIdentityNow
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | SailPoint |
| Support Tier | Partner |
| Categories | domains |
| Version | 3.0.0 |
| Author | SailPointIdentityNow |
| First Published | 2021-10-26 |
| Solution Folder | SailPointIdentityNow |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 4.7/5 (170 ratings) · Popularity: 🟢 High (85%) |
The SailPoint Integration solution provides the capability to ingest SailPoint IdentityNow search events into Microsoft Sentinel through the REST API.
** Underlying Microsoft Technologies used: **
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
Contents
Data Connectors
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
SailPointIDN_Events_CL 🔶 |
SailPoint IdentityNow | Analytics |
SailPointIDN_Triggers_CL 🔶 |
SailPoint IdentityNow | Analytics |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 6 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| SailPointIdentityNowAlertForTriggers | Informational | InitialAccess, Collection | SailPointIDN_Triggers_CL |
| SailPointIdentityNowEventType | High | InitialAccess | SailPointIDN_Events_CL |
| SailPointIdentityNowEventTypeTechnicalName | High | InitialAccess | SailPointIDN_Events_CL |
| SailPointIdentityNowFailedEvents | High | InitialAccess | SailPointIDN_Events_CL |
| SailPointIdentityNowFailedEventsBasedOnTime | High | InitialAccess | SailPointIDN_Events_CL |
| SailPointIdentityNowUserWithFailedEvent | High | InitialAccess | SailPointIDN_Events_CL |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 28-08-2024 | Data Connector instruction updated |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊