Anomali Match for Azure Sentinel
Find previously unknown threats that have already penetrated your network
Anomali Match is a high-performance threat detection and response solution that continuously correlates all collected security event and log data from Azure Sentinel and other sources against millions of globally observed indicators of compromise (IOCs) to expose previously unknown adversaries that have already penetrated your network. Match retrospective analysis looks back as far as five years.

The integration provides a bi-directional flow of data between Azure Sentinel and Match. Azure Sentinel users can export log data out of Sentinel into Anomali Match by registering an application in Azure Active Directory; the registered application should be granted only the read access to the workspace that Match needs. Once the log data is imported into Anomali Match, it is correlated against the threat intelligence also stored in Anomali Match, and alerts are generated as matches are identified.

These alerts can then be pushed back to Azure Sentinel through a CEF over Syslog collector. This imports high-fidelity alerts from Anomali Match into the CommonSecurityLog table of Azure Sentinel, where customers can turn them into incidents with simple KQL-based scheduled analytics rules, making them available for triage in Azure Sentinel.
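The following scheduled-rule query is an added example of the last step above; it is not Anomali's or Microsoft's own content. It reads the CEF events that the Syslog collector writes into CommonSecurityLog, keeps only the high-severity matches, and groups them per indicator so that one incident is raised per hit rather than one per raw log line. The DeviceVendor and DeviceProduct values ("Anomali" and "Match") and the 7-and-above severity threshold are assumptions, not values taken from the page; confirm them against a live event before enabling the rule.

```kusto
// Added example scheduled-rule query for Azure Sentinel (not Anomali's or Microsoft's own).
// Assumptions (not from the page): Match alerts arrive as CEF events whose
// DeviceVendor is "Anomali" and DeviceProduct is "Match". Check a real event
// in CommonSecurityLog and adjust these two values before enabling the rule.
let lookback = 1h;          // match the rule's "run every" / "lookup data from" settings
let vendor = "Anomali";     // assumed CEF vendor string
let product = "Match";      // assumed CEF product string
let min_severity = 7;       // assumed cut-off on the 0-10 CEF severity scale
CommonSecurityLog
| where TimeGenerated >= ago(lookback)
| where DeviceVendor =~ vendor and DeviceProduct =~ product
// LogSeverity is stored as a string; convert before comparing
| extend CefSeverity = toint(LogSeverity)
| where CefSeverity >= min_severity
// Pick whichever observable the match was made on (IP, host name, or URL)
| extend Indicator = coalesce(DestinationIP, SourceIP, DestinationHostName, RequestURL)
| where isnotempty(Indicator)
// Collapse repeated hits on the same indicator and event class into one row,
// so the rule creates one incident per indicator per run
| summarize StartTime = min(TimeGenerated),
            EndTime = max(TimeGenerated),
            MatchCount = count(),
            Hosts = make_set(Computer, 20)
        by Indicator, DeviceEventClassID, Activity
| project StartTime, EndTime, Indicator, DeviceEventClassID, Activity, MatchCount, Hosts
```

When saving this as a scheduled analytics rule, map Indicator to the IP or URL entity in the rule's entity-mapping settings and set the alert grouping to group by Indicator; that keeps repeated retrospective hits on the same IOC in a single incident for the analyst.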