RiskIQ, a global leader in attack surface management, announced that RiskIQ PassiveTotal now integrates directly with Microsoft Defender for Endpoint and Azure Sentinel. The integration brings Defender for Endpoint and Azure Sentinel alert data directly to the PassiveTotal threat hunting platform, enriching threat infrastructure to show pertinent SIEM alerts and endpoint details alongside RiskIQ’s rich Internet Intelligence.
RiskIQ PassiveTotal aggregates data from the entire internet, absorbing intelligence to identify threats, attacker tools and systems, and indicators of compromise (IOCs). Joint customers of RiskIQ and Microsoft can now see SIEM alerts and endpoint communications overlaid directly atop this data in a single interface. As users pivot between data sets in PassiveTotal, corresponding SIEM and endpoint data are automatically searched and presented to instantly show if a threat has been in their local environment.
With both internal and external intelligence instantly correlated in one place, incident responders will accelerate their investigations, respond to incidents with more confidence, and be more proactive in addressing threats.
“In incident response, speed is everything. When external internet data and internal endpoint data are automatically combined and correlated, incident responders can immediately assess suspicious activity,” said RiskIQ Vice President of Strategy Brandon Dixon. “This integration gives incident response a powerful boost, saving analysts precious time and effort.”
RiskIQ and Microsoft joint customers can enable integrations for both Microsoft Defender for Endpoint and Azure Sentinel separately in their organization’s account settings in RiskIQ PassiveTotal. Once enabled, users will see a new “Microsoft” tab within their PassiveTotal search results. This tab splits into multiple sub-tabs that will be populated based on the product enabled.
“RiskIQ’s massive data collection capabilities enable incident responders to act quickly and with conviction,” said Alon Rosental, principal group program manager, Microsoft Defender for Endpoint at Microsoft Corp. “With this integration, which ties together internal endpoint data with external infrastructure and layers on pertinent OSINT, the paradigm for time to response and remediation has certainly shifted.”