
Data Leak Agent

Publisher: adaQuest


Investigates Sentinel incidents for data leaks and delivers a clear verdict with evidence and action

Data Leak Agent investigates a user-provided incident to determine whether it indicates a data leak, data exfiltration, or related suspicious data exposure activity. The agent automatically correlates evidence across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Purview to produce a single, evidence-based assessment.

It retrieves incident context, related entities, and supporting telemetry from both Sentinel and Defender XDR, then enriches the investigation with Purview insights such as DLP alerts, data risk summaries, and user risk activity within the selected lookback window. The result is a structured investigation report that helps analysts quickly understand whether the incident is likely associated with data leakage or exfiltration, what evidence supports that conclusion, and what follow-up actions are recommended.

This agent is designed to:

  • Automatically investigate the incident across both Microsoft Sentinel and Microsoft Defender XDR
  • Correlate incident-related users, devices, files, alerts, and activities
  • Enrich the investigation with Microsoft Purview risk and DLP signals
  • Distinguish between confirmed indicators, suspicious signals, benign activity, and inconclusive findings
  • Deliver a clear, investigation-ready summary with confidence level, supporting evidence, gaps, and recommended next steps

Typical use cases include:

  • Investigating possible data exfiltration incidents
  • Assessing whether suspicious user activity led to sensitive data exposure
  • Triaging DLP-related incidents with cross-platform context
  • Supporting analysts during data security incident response and validation

Estimated Security Compute Unit (SCU) consumption:
Actual consumption may vary depending on incident complexity, number of related entities, amount of telemetry, lookback period, and available integrations.

  • Small environments: ~1.2 SCUs per investigation
  • Medium environments: ~1.8 to 2.5 SCUs per investigation
  • Enterprise environments: ~2.8 to 4.5 SCUs per investigation

These estimates assume the agent is enriching incidents across Sentinel, Defender XDR, and Purview, and that environments with more entities, alerts, and historical activity will naturally require more compute.
