Sonrai Security for Microsoft Sentinel

Solution: SonraiSecurity




Publisher: Sonrai
Support Tier: Partner
Categories: domains
Version: 3.0.0
Author: Sonrai - support@sonraisecurity.com
First Published: 2021-10-18
Solution Folder: SonraiSecurity
Marketplace: Azure Marketplace · Rating: ★★★★★ 4.7/5 (26 ratings) · Popularity: ⚪ Very Low (0%)

The Sonrai Security solution provides the capability to ingest Sonrai tickets into Microsoft Sentinel through the REST API.

Underlying Microsoft technologies used:

This solution depends on the following technologies, some of which may be in preview or may incur additional ingestion or operational costs:

  1. Codeless Connector Platform (CCP)

Contents

Data Connectors

This solution provides 1 data connector:

🔶 Sonrai Data Connector: ingests into the Sonrai_Tickets_CL table.

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 1 table:

Table: Sonrai_Tickets_CL 🔶
Used by connectors: Sonrai Data Connector
Used by content: Analytics, Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.
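The CLv1 heuristic described above (custom column names ending in the Data Collector API type suffixes _s, _d, _b, _t, _g) and its caveat (CLv2 tables may carry the same names) can be made concrete. The following is an added example, not code from the catalog or from Sonrai; the column lists it feeds in are constructed for illustration and are not the real Sonrai_Tickets_CL schema, and the set of standard columns it ignores is an assumption rather than an exhaustive list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Sequence

# Type suffixes that the legacy Custom Log V1 ingestion path (HTTP Data Collector API)
# appends to custom column names. CLv2 (DCR-based) tables are allowed to use the same
# names, so a suffix match is evidence of CLv1, not proof.
CLV1_SUFFIXES: Dict[str, str] = {
    "_s": "string",
    "_d": "double",
    "_b": "boolean",
    "_t": "datetime",
    "_g": "guid",
}

# Columns Log Analytics adds to every table regardless of schema generation.
# Assumption: this covers the common built-ins; extend it for your workspace.
STANDARD_COLUMNS = {
    "TimeGenerated", "Type", "TenantId", "SourceSystem", "MG", "ManagementGroupName",
    "Computer", "RawData", "_ResourceId", "_ItemId", "_TimeReceived", "_IsBillable",
}

# A suffix only counts if there is at least one character of base name before it,
# so a column literally named "_s" is not treated as suffixed.
SUFFIX_RE = re.compile(r"^(?P<base>.+?)(?P<suffix>_[sdbtg])$")


@dataclass
class Classification:
    table: str
    verdict: str                      # "likely-CLv1", "likely-CLv2" or "undetermined"
    suffixed: List[str] = field(default_factory=list)
    unsuffixed: List[str] = field(default_factory=list)
    note: str = ""


def inferred_types(columns: Sequence[str]) -> Dict[str, str]:
    """Map every suffixed custom column to the CLv1 type its suffix implies."""
    result: Dict[str, str] = {}
    for col in columns:
        if col in STANDARD_COLUMNS:
            continue
        m = SUFFIX_RE.match(col)
        if m:
            result[col] = CLV1_SUFFIXES[m.group("suffix")]
    return result


def classify_custom_log_table(table: str, columns: Sequence[str]) -> Classification:
    """Apply the suffix heuristic to a table's column list and report how confident it is."""
    if not table.endswith("_CL"):
        raise ValueError(f"{table!r} is not a custom log table (no _CL suffix)")
    custom = [c for c in columns if c not in STANDARD_COLUMNS]
    suffixed = [c for c in custom if SUFFIX_RE.match(c)]
    unsuffixed = [c for c in custom if not SUFFIX_RE.match(c)]

    if not custom:
        verdict, note = "undetermined", "no custom columns to inspect"
    elif not unsuffixed:
        verdict = "likely-CLv1"
        note = ("every custom column carries a CLv1 type suffix; a CLv2 table may reuse "
                "these names, so confirm via the table's schema type or its DCR")
    elif not suffixed:
        verdict = "likely-CLv2"
        note = "no custom column carries a CLv1 type suffix"
    else:
        verdict = "undetermined"
        note = "mixed suffixed and unsuffixed custom columns"
    return Classification(table, verdict, suffixed, unsuffixed, note)


# Constructed sample schemas (not the real Sonrai_Tickets_CL column set).
SAMPLE_CLV1_COLUMNS = [
    "TimeGenerated", "ticketId_g", "severity_d", "title_s", "createdDate_t", "isResolved_b",
]
SAMPLE_CLV2_COLUMNS = ["TimeGenerated", "TicketId", "Severity", "Title", "CreatedDate"]
# A CLv2 table that kept the old suffixed names: the heuristic cannot tell it apart.
SAMPLE_AMBIGUOUS_COLUMNS = ["TimeGenerated", "ticketId_g", "status_s"]


if __name__ == "__main__":
    for name, cols in [("Sonrai_Tickets_CL", SAMPLE_CLV1_COLUMNS),
                       ("Other_CL", SAMPLE_CLV2_COLUMNS),
                       ("Migrated_CL", SAMPLE_AMBIGUOUS_COLUMNS)]:
        r = classify_custom_log_table(name, cols)
        print(f"{r.table}: {r.verdict} ({r.note})")
        print("  inferred types:", inferred_types(cols))
```

The third sample shows why the catalog marks the classification as approximate: a DCR-based table whose columns were named to match an older CLv1 layout is indistinguishable by name alone, so the verdict is only a prompt to check the table's actual schema type in the workspace.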

Content Items

This solution includes 10 content items:

Content Type Count
Analytic Rules 9
Workbooks 1

Analytic Rules

Name                                  Severity
New Sonrai Ticket                     Medium
Sonrai Ticket Assigned                Medium
Sonrai Ticket Closed                  Low
Sonrai Ticket Escalation Executed     Medium
Sonrai Ticket Escalation Executed     Medium
Sonrai Ticket Reopened                Medium
Sonrai Ticket Risk Accepted           Medium
Sonrai Ticket Snoozed                 Medium
Sonrai Ticket Updated                 Medium

Tables used (all rules): Sonrai_Tickets_CL

Tactics (all rules): Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation

Workbooks

Name: Sonrai
Tables used: Sonrai_Tickets_CL

Release Notes

Version 3.0.0 (modified 04-12-2023, DD-MM-YYYY): Added entity mapping to Analytic Rules
