XBOW Pentest Analysis Agent
by XBOW
Analyze XBOW penetration test results and identify detection gaps using Microsoft Sentinel telemetry
XBOW Pentest Analysis Agent helps security teams evaluate penetration test results in the context of their security operations environment.
The agent correlates XBOW penetration test findings with security telemetry in Microsoft Sentinel to determine which simulated attacks were detected, which were missed, and where monitoring gaps exist.
Security teams can use these insights to improve detection coverage and strengthen security posture.
Agent tasks: analyze pentest findings, correlate attack activity with Sentinel telemetry, identify detection gaps, generate security insights
Agent workflow
Input: pentest findings from XBOW platform, exploit evidence, Sentinel security logs, security telemetry
Output: analysis of detection coverage, list of detected attack techniques, list of missed detections, security recommendations
Estimated SCU consumption per execution
SCU consumption varies depending on the number of assets queried and the complexity of the request.
Small environments: ~1 – 1.5 SCUs (e.g., querying assets or findings in small environments with limited data)
Medium environments: ~2 – 3 SCUs (e.g., environments with multiple applications and moderate security telemetry)
Enterprise environments: ~3 – 4 SCUs (e.g., large environments with many applications and findings where pentest execution requests involve more processing)