StealthTalk Anomalous Authentication
by R2 Copilot US
Sentinel solution for StealthTalk: ingests anomalous auth events via Logs API
StealthTalk Anomalous Authentication for Microsoft Sentinel
StealthTalk Anomalous Authentication integrates StealthTalk Enterprise with Microsoft Sentinel, enabling SOC teams to detect and investigate messaging-related security anomalies using familiar Sentinel workflows.
What’s included
- Data Connector: Logs ingestion API, custom log table, DCE/DCR, and guided setup
- Analytic Rules (4): Off-hours activity, multiple new devices, geo anomalies, brute force
- Hunting Queries (3): Impossible travel, account takeover sequence, brute force + suspicious access
- ASIM Support: Full integration with authentication schema and queries
- Workbook: 17 dashboards including risk scoring, anomaly correlation, and map view
- Teams Playbook: Incident alerts sent to Microsoft Teams via Logic App
Why StealthTalk
Built on a patented secure protocol, StealthTalk delivers private messaging with enterprise-level security and visibility. It is certified and co-sell eligible within the Microsoft ecosystem.
Requirements
- Microsoft Sentinel workspace
- Deployed StealthTalk Enterprise
- Entra App Registration with required permissions
- (Optional) Teams webhook for alerts
- ASIM parser pack installed