Microsoft Sentinel Integration

Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. When you add the Microsoft Sentinel integration into Cisco XDR, it enables Sentinel usage in Cisco XDR Automation for out-of-box and custom workflows, including the ability to export Cisco XDR incidents into Sentinel for seamless visibility spanning both products.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Microsoft Cloud integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Microsoft Cloud integration page is displayed.

  4. Expand the Integration Guide > Configuring Microsoft Sentinel Application area and follow the instructions on how to add the Microsoft Sentinel integration in Cisco XDR.

You can perform the following tasks after you integrate Microsoft Sentinel with Cisco XDR:

  • Automation:

    • Atomic Actions - The atomic actions for Microsoft Sentinel can be used as building blocks in custom workflows. These can be found as available Actions in the left menu of the Workflow Editor. See Atomic Actions and Workflows.

    • Target - The Microsoft Sentinel target is automatically created for out-of-box and custom workflows. See Targets Created From Integrations.