Semperis Lightning Sentinel Connector
by Semperis
Semperis Lightning Sentinel Connector surfaces identity, attack path, and Tier 0 insights.
The Semperis Lightning Sentinel Connector integrates Semperis Lightning’s identity security telemetry directly into Microsoft Sentinel, giving defenders deep visibility into Active Directory and Entra risk posture within their existing SIEM workflows.
Using Azure Monitor Data Collection Rules (DCR) and Data Collection Endpoints (DCE), the connector reliably ingests Lightning data such as indicator executions, Tier 0 (T0) nodes, and attack paths into dedicated Sentinel tables optimized for analytics, threat hunting, and incident investigation.
This integration enables security teams to:
- Correlate Semperis Lightning insights with other security signals already ingested into Microsoft Sentinel.
- Build analytics rules and workbooks around Tier 0 exposure, risky attack paths, and high-value identity activity.
- Accelerate investigation by pivoting from Sentinel incidents into rich Semperis context for affected identities and assets.
- Adopt modern Data Lake–backed ingestion patterns for scalable, cost-efficient logging and long-term analytics.
The connector is designed to be straightforward to deploy and operate, leveraging Sentinel’s RestApiPoller and an Azure Functions–based token proxy for secure, short-lived access tokens. Once configured, data flows automatically from Semperis Lightning to Microsoft Sentinel, helping joint customers improve detection, investigation, and remediation of identity-centric attacks across hybrid AD and Entra environments.
Key features of the solution:
- Data Connectors: 1