
BeyondTrust Privileged Management Cloud for Microsoft Sentinel

By BeyondTrust Corporation

Monitor BeyondTrust privilege management and endpoint security events in Microsoft Sentinel

The BeyondTrust PM Cloud solution for Microsoft Sentinel lets security teams centralize and analyze privilege management and endpoint security data alongside their other security signals. It addresses siloed security visibility by bringing BeyondTrust PM Cloud activity audits and client events into the same security operations platform as the rest of your telemetry.


What This Solution Delivers:
This turnkey solution deploys an Azure Function App that authenticates to the BeyondTrust PM Cloud APIs with OAuth 2.0 and polls them on a configurable interval. It ingests administrative activity audits (policy changes, user management, configuration changes) and endpoint security events (process execution, authentication, privilege elevation) into custom Log Analytics tables in your Sentinel workspace. The included workbook visualizes key metrics and trends from those tables as soon as data arrives.


Who Benefits:
Security Operations Centers (SOCs), security analysts, and compliance teams that need unified visibility across their security infrastructure. Organizations running both Microsoft Sentinel and BeyondTrust PM Cloud can correlate privilege management events with their broader security telemetry for more effective threat detection and incident investigation.


Problems Solved:

  • Fragmented Security Visibility: Removes the need to switch between consoles by bringing privilege management data into your SIEM
  • Delayed Threat Detection: Enables near-real-time correlation (bounded by the polling interval) of privilege elevation attempts with other attack indicators, so advanced threats are identified sooner
  • Compliance Challenges: Provides a centralized audit trail of privileged access and endpoint security events to support compliance reporting
  • Manual Investigation Overhead: Automates data collection with configurable polling intervals and ships pre-built queries for common investigation scenarios

The solution supports flexible deployment options (Consumption, Flex Consumption, or Premium Azure Functions hosting plans) and includes documentation for setup, monitoring, and troubleshooting.