
CORELIGHT + MICROSOFT SECURITY

  • Maximize attack visibility
  • Streamline and accelerate investigations
  • Prioritize security alerts
  • 1-click endpoint isolation

 

Corelight pre-correlates network logs with endpoint data from Microsoft Defender.


SUPERCHARGE MICROSOFT SECURITY OPERATIONS PLATFORM WITH POWERFUL NETWORK EVIDENCE

Along with native integration with Microsoft Sentinel, Corelight also integrates with Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management to help streamline investigations, accelerate responses, and remediate incidents quickly and easily.

For instance, Corelight pre-correlates its logs and detections with endpoint and relevant vulnerability data from Defender directly at the sensor, so organizations can better understand and prioritize the most vulnerable endpoints across the enterprise. Going one step further, this unique integration enables fast and easy isolation of endpoints that show signs of compromise: when Corelight detects a compromise, analysts can use Corelight Investigator to quickly assess the threat and isolate devices with a single click.

Integration benefits:
  • Complete network visibility across hybrid environments, including IT, IoT, and ICS
  • Quickly pivot between pre-correlated network telemetry and endpoint data
  • Simplify investigations with risk-based alert prioritization
  • Easily identify and isolate vulnerable and compromised hosts with one click


Corelight for Microsoft security operations platform

Rich Corelight network evidence powers the Microsoft unified SecOps platform through its common data model and user experience.

CORELIGHT FOR MICROSOFT SENTINEL

Along with native data integration, the Corelight App for Microsoft Sentinel includes pre-defined workbooks (dashboards), sample queries, and analytics rules that make SOC teams more efficient and effective.


CORELIGHT FOR MICROSOFT DEFENDER

Simplify investigations and prioritize alerts according to real-time risk to the enterprise with pre-correlated network, endpoint and vulnerability data. Easily isolate vulnerable hosts with one click.

AZURE VIRTUAL DESKTOP (AVD)

Designed to meet the security compliance requirements of U.S. Federal agencies and commercial organizations deploying Microsoft’s Azure Virtual Desktop environments.


Gain control of the cloud

Corelight Cloud Security Solutions provide complete network visibility in the cloud by transforming cloud traffic into security-centric evidence that can fuel your global threat detection and response program.


Modernize your SOC with an advanced SOC Visibility Triad foundation

Integrating Corelight network evidence into Microsoft Sentinel enables security analysts to start their SOC modernization journey by pairing innovative, Zeek-based NDR with Microsoft’s industry-leading Defender platform. By enriching Corelight logs with Defender endpoint and vulnerability data directly in the Corelight Sensor, SOC analysts can streamline and accelerate investigations, while prioritizing threats based on current risks to the environment. Extending this with Microsoft Sentinel and Security Copilot can further simplify complex and time-consuming daily workflows with the power of AI.

 


Extended Network Asset Discovery & Inventory

Enhance visibility and security for devices across on-premises, multicloud, Operational Technology (OT), and Internet of Things (IoT) environments. Corelight’s extensive visibility of all network activity helps identify unmanaged and unknown endpoints across the environment that can then be inventoried and managed by Microsoft Defender for Endpoint. Corelight’s ICS/OT Collection helps discover and inventory IT and OT devices that cannot support an agent, making it an ideal complement to Defender for Endpoint.


Detect and disrupt cloud-specific threats

Securing multi-cloud environments presents significant challenges due to the expanding attack surface, the constant evolution of cyber threats, and ever-changing network topology. See how to effectively mitigate limited visibility, missed detections, and inefficient response times.
