Semperis Identity Investigation Agent
by Semperis
Investigates an identity's security risk posture using Semperis Lightning identity graph data
Semperis Identity Investigation Agent delivers a comprehensive risk posture assessment for any identity. Built on Semperis Lightning identity graph data ingested into the Microsoft Sentinel data lake, the agent enables SOC analysts, identity security teams, and incident responders to rapidly investigate whether an identity is exposed, over-privileged, or under active threat — without writing queries or navigating multiple tools.
The agent accepts any identity identifier — display name, Distinguished Name, SID, OID, or UPN — and returns a structured security report that spans Tier-0 classification, attack path analysis with step-by-step relationship chains, Indicators of Exposure (IOEs) with severity and remediation guidance, and Tier-0 attacker status. Attack path exploitability is classified into three levels — Highly exploitable, Moderately exploitable, and Minimally exploitable — giving analysts immediate clarity on the urgency of each finding.
Semperis Identity Investigation Agent:
- Deep identity risk assessment: Analyzes an identity across Tier-0 status, inbound and outbound attack paths, security exposures, and attacker classification in a single query
- Attack path visualization: Reconstructs full attack path chains showing each step, relationship type, and exploitability level from source to Tier-0 targets
- Actionable remediation guidance: Surfaces Indicators of Exposure with severity, MITRE ATT&CK mapping, indicator scores, and specific remediation steps
Prerequisites
- Semperis Lightning data connector installed from Microsoft Sentinel Content Hub and actively ingesting data into a Log Analytics workspace. The connector requires a valid Semperis Lightning API key.
Agent Tasks
- Investigate identity risk posture
- Identify Tier-0 assets
- Analyze inbound and outbound attack paths with step-by-step chain reconstruction
- Surface Indicators of Exposure with remediation
- Detect Tier-0 attacker classification
- List known identities across the environment
Agent Workflow
- Input: Identity name, Distinguished Name, SID, OID, or UPN
- Output: Tier-0 status; attack path analysis with exploitability levels, risk scores, and step-by-step relationship chains; Indicators of Exposure with severity and remediation guidance; Tier-0 attacker classification; risk summary with prioritized critical findings