TacitRed Threat Intelligence for Microsoft Sentinel

Solution: TacitRedThreatIntelligence


| Attribute | Value |
|---|---|
| Publisher | Data443 Risk Mitigation, Inc. |
| Support Tier | Partner |
| Support Link | https://www.data443.com |
| Categories | domains |
| Version | 3.0.0 |
| Author | Data443 Risk Mitigation, Inc. - support@data443.com |
| First Published | 2025-01-01 |
| Last Updated | 2026-02-09 |
| Solution Folder | TacitRedThreatIntelligence |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |

The TacitRed Compromised Credentials solution integrates TacitRed's compromised credential and identity threat intelligence into Microsoft Sentinel using the Codeless Connector Framework (CCF). The solution deploys a REST API poller connector, a custom log table (TacitRed_Findings_CL), analytics rules, and a visualization workbook to help security teams detect and investigate credential compromise.

Contents

Data Connectors

This solution provides 1 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| TacitRed_Findings_CL 🔶 | TacitRed Compromised Credentials | Analytics, Workbooks |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 3 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 2 |
| Workbooks | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| TacitRed - High Confidence Compromise | High | CredentialAccess, InitialAccess, Reconnaissance | TacitRed_Findings_CL |
| TacitRed - Repeat Compromise Detection | High | CredentialAccess, Persistence | TacitRed_Findings_CL; Internal use: BehaviorAnalytics |

Workbooks

| Name | Tables Used |
|---|---|
| TacitRedSecOpsWorkbook | TacitRed_Findings_CL |

Additional Documentation

📄 Source: TacitRedThreatIntelligence/README.md

Overview

The TacitRed Compromised Credentials solution integrates TacitRed's compromised credential and identity threat intelligence into Microsoft Sentinel using the Codeless Connector Framework (CCF).

Solution Components

| Component | Description |
|---|---|
| Data Connector | CCF-based REST API poller that ingests compromised credential findings from TacitRed |
| Custom Table | TacitRed_Findings_CL - stores compromised credential indicators |
| Analytics Rules | 2 pre-built detection rules for high-confidence and repeat compromises |
| Workbook | SecOps dashboard for visualizing credential compromise trends |

Prerequisites

Deployment

  1. Navigate to Microsoft Sentinel Content Hub
  2. Search for "TacitRed Compromised Credentials"
  3. Click Install and follow the deployment wizard
  4. Configure the data connector with your TacitRed API credentials

Data Schema

The TacitRed_Findings_CL table includes:

| Column | Type | Description |
|---|---|---|
| email_s | string | Compromised email address |
| domain_s | string | Domain of the compromised account |
| password_s | string | Partial/hashed password indicator |
| source_s | string | Breach source |
| breach_date_t | datetime | Date of the breach |
| confidence_d | int | Confidence score (0-100) |

Support

Learn More

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 09-12-2025 | Initial TacitRed Compromised Credentials CCF solution package with data connector, analytics rules and workbook. |
