Cyble Threat Intel

by Cyble Inc

Ingest and enrich threat intelligence in Microsoft Sentinel using Cyble’s Threat Intelligence API.

Enhance Sentinel Alerts and Threat Intelligence with Cyble Vision

The Cyble Vision Solution for Microsoft Sentinel empowers security teams with enriched, actionable threat intelligence and enhanced alert context. By integrating Cyble’s Threat Intelligence APIs, this solution enables automated ingestion and enrichment of Indicators of Compromise (IoCs) as well as security alerts directly within your Microsoft Sentinel workspace.

Key Features

  • Automated IoC and Alert Enrichment
    Enrich IoCs and Sentinel alerts with Cyble intelligence, including reputation, confidence scores, threat categories, and source attribution.
  • Streamlined Intelligence Ingestion
    Automatically ingest threat indicators from Cyble Vision into Sentinel to strengthen detection rules, analytics, and threat hunting queries.
  • Alert-Centric Workflows
    Enrich alerts generated in Microsoft Sentinel with real-time Cyble context to improve triage speed and investigation accuracy.
  • Plug-and-Play Playbooks
    Pre-built Logic Apps for IoC ingestion, IoC enrichment, and alert enrichment with minimal configuration required.
  • Customizable and Extensible
    Parameterized playbooks allow easy customization using API keys, workspace settings, and operational preferences.

Use Cases

  • Incident investigation and alert triage
  • Threat hunting and proactive defense
  • Enriching Sentinel alerts with external threat intelligence
  • Enhancing detection rules with high-fidelity threat context

Prerequisites

  • Microsoft Sentinel enabled on a Log Analytics workspace
  • Valid Cyble API key (available through your Cyble account)

Included in This Solution

  • Multiple Playbooks, including:
    • IoC enrichment using Cyble Vision
    • IoC ingestion from Cyble Vision into Microsoft Sentinel
    • Alert enrichment workflows leveraging Cyble threat intelligence
  • ARM templates and UI definitions for simplified deployment

Strengthen detection, investigation, and response workflows by enriching both threat indicators and alerts with Cyble Vision intelligence in Microsoft Sentinel.