
Lumen Defender℠ Threat Feed for Microsoft Sentinel

Publisher: Lumen Technologies

Stay ahead of threats with Lumen Defender Threat Feed integrated into Microsoft Sentinel workflows.

Lumen Defender℠ Threat Feed for Microsoft Sentinel, powered by Lumen Black Lotus Labs, offers security teams fast, actionable insights for network-attributable alerts directly within their Sentinel platform. Built on Black Lotus Labs threat intelligence, Lumen Defender Threat Feed provides an advantage by surfacing malicious Indicators of Compromise (IOCs). Leveraging visibility from one of the world’s largest internet backbones, this curated, high-fidelity feed delivers advanced insights into botnets, command-and-control (C2) domains, malware campaigns, criminal proxy networks, and nation-state threats. Integrated with Microsoft Sentinel, Lumen Defender Threat Feed enables Security Operations Center (SOC) analysts and security teams to correlate internal enterprise alerts with external adversary infrastructure, prioritize high-fidelity threats, and respond quickly with enriched context.

Key Capabilities:

  • Comprehensive Coverage: Identifies malicious IPs and domains across botnets, malware, C2, criminal proxy networks, and nation-state threats.
  • Rapid Updates: Delivers frequent IOC updates from Lumen’s global network visibility, enabling fast detection as soon as malicious infrastructure is identified.
  • Contextual Enrichment: Maps threat attribution to threat category, severity, confidence, and malware family.
  • Seamless Integration: Offers native ingestion into Microsoft Sentinel via a certified connector.
  • Actionable Analytics: Includes pre-built Sentinel workbooks and analytics rules to operationalize and assess value quickly.

This offer is an exclusive preview of Lumen Defender Threat Feed for Microsoft Sentinel and is now available by invitation only via the Microsoft Security Store.

Contact the Lumen sales team to request access and get started today.

Who is Black Lotus Labs?

Black Lotus Labs is the Threat Research and Operations arm of Lumen, made up of data scientists, reverse engineers, security engineers and threat analysts who specialize in detecting, tracking and disrupting threats around the world. Black Lotus Labs is recognized across the industry; what sets them apart is their unmatched network visibility:

  • Direct access to the Lumen internet backbone. Lumen operates one of the most connected networks in the world. This provides Black Lotus Labs with unmatched visibility into threats moving across the internet, before they ever reach your endpoint.
  • Tracking of 2.3 million unique threats and 46,000 command-and-control (C2) servers.
  • Visibility into 99% of all public IPv4 addresses via transit traffic.
  • Execution of over ~150 C2 disruptions per month through takedowns and notifications.


Prerequisites:

Lumen Threat Feed API Key

Solution Contents:

Data Connectors: 1, Workbooks: 1, Analytic Rules: 8, Hunting Queries: 1

Release Notes:

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Lumen%20Defender%20Threat%20Feed/ReleaseNotes.md
