Silverfort Identity Threat Triage Agent
by Silverfort Ltd.
Protect privileged and non-human identities across hybrid environments with Silverfort.
Agent tasks: Identity threat triage, entity analysis, authentication analysis, MFA activity monitoring, risky sign-in analysis, user risk posture assessment, endpoint behavior analysis using Microsoft Defender for Endpoint telemetry, living-off-the-land technique detection, cross-telemetry correlation, anomaly detection, security event summarization, incident investigation support
Agent workflow:
- Input: User Principal Name (UPN), access to Microsoft Sentinel Data Lake tables (CommonSecurityLog, SigninLogs from Microsoft Entra, AADRiskyUsers, DeviceProcessEvents from Microsoft Defender for Endpoint), last-24-hours query constraint (TimeGenerated > ago(24h)), Sentinel Data Exploration MCP correlation capability
- Output: MFA activity summary (approved, blocked, timed out, auto-response), sign-in success and failure summary, distinct IP address summary, user risk level and risk state summary, suspicious process execution summary from Microsoft Defender for Endpoint telemetry (PowerShell, cmd, mshta, bitsadmin, rundll32, regsvr32), correlated identity-to-endpoint insights, anomaly highlights (MFA fatigue, repeated denials, unexpected approvals), concise triage summary report, investigation-ready findings without raw event logs.