Cborales

Just Released! FortiNDR Cloud Integration for Microsoft Sentinel

Hello Fortinet Community!

We’re excited to announce a new integration for FortiNDR Cloud! The FortiNDR Cloud integration for Microsoft Sentinel gives Sentinel customers a single pane of glass for all of their threat intelligence use cases and malicious network activity detections, streamlining response efforts across the SOC.

The solution is on the Azure Marketplace here.

The integration ensures that all FortiNDR Cloud detections are seamlessly ingested by Microsoft Sentinel. As an example, we detected the recent AnyDesk cyber incident within FortiNDR Cloud. Now it can be investigated right from the Microsoft Sentinel dashboard, alongside other network vulnerability detections.

FortiNDR Cloud currently supports integrations with Splunk, QRadar, FortiSIEM, and Cortex. For a list of existing integrations, please refer to our documentation here.

Click here for our complete user guide for integrating with Microsoft Sentinel.

FortiNDR Cloud provides a data connector, parser and workbooks with predefined templates to get you started in minutes.

Data connector
The data connector ingests Suricata events, detections, and our in-house Observations events, and stores them in Azure Log Analytics workspaces.

Parser
The predefined parser normalizes the data formats of Suricata events, Observations events, and detections, so the column names can be identified quickly and the different data types correlated to drive end-to-end investigations. The parser can also be customized.

Workbook
An out-of-the-box template is provided with FortiNDR Cloud to create the workbooks and surface meaningful insights through a variety of visualizations. The default template is customizable.

FortiNDR Cloud Main Dashboard

The default main dashboard shows the counts of all Suricata and Observations events, along with detection counts, for the selected time period, categorized by correlated fields.

FortiNDR Cloud Detections Dashboard
The detections dashboard shows detection counts categorized by severity and confidence, along with a detailed list of all detections in the selected time period.

For further assistance or more information, please contact your FortiNDR Cloud TSM or Channel Partner.