Microsoft Sentinel

Microsoft Sentinel Integration

Seamlessly Integrate Microsoft Sentinel with Lansweeper

Combining Lansweeper & Microsoft Sentinel

The Azure Logic App for Lansweeper.

  • SIEM solutions aggregate event data generated by security devices, network infrastructure, systems and applications. While the primary data source for a SIEM is log data, they can also process other forms of data. Microsoft's Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate apps, data, services, and systems. The Logic App for Lansweeper seamlessly connects Sentinel with Lansweeper, so users can receive enriched alerts and contextualized IT asset data automatically, to simplify and enhance threat hunting, event investigation and incident response.  
  • Lansweeper is the leading IT asset data discovery and inventory solution. It continuously discovers IT assets across an organization's IT estate, detecting and recognizing all servers, devices, virtual machines, operating systems, software and IoT on the network - even shadow IT and idle or forgotten devices. Even if a device only touches the network briefly, Lansweeper's deep scanning engine and credential-free device recognition (CDR) technology detect it and gather in-depth granular information that helps security teams triage incidents, analyze their potential impact and prioritize their work. Rather than working off an IP or MAC address alone, users can simply query Lansweeper from within Sentinel and gain instant access to contextualized data, for rapid decision-making and faster MTTR. 
  • Using the information available from Lansweeper, Sentinel users can develop playbooks for executing a defined set of remediation actions in response alerts and incidents. Most of these alerts and incidents conform to recurring patterns, and playbooks help to orchestrate and accelerate threat response for rapid resolution, reducing risk, while lightening the load on security teams. If a machine is compromised, Sentinel users can leverage Lansweeper data to identify, locate and isolate the machine, and automatically block the account until the SOC team can analyse the issue.  
  • Playbooks not only enhance security, but they also eliminate manual tasks that can drive up costs. By Microsoft's estimate, Sentinel users can improve security while reducing costs by as much as 48% compared to traditional SIEMs. By leveraging the Logic App for Lansweeper, they can further reduce overhead by eliminating manual work associated with enriching alerts and taking action to remediate threats. 

 

 

Key Integration Features

Lansweeper Sentinel Integration

This integration implements the investigative actions for the Lansweeper app on the MS Sentinel Platform. It will allow end-users to implement any use cases on the Lansweeper Platform that are possible using a combination of the below-mentioned actions.

  1. Authentication: Create a Logic app with a custom connector. Authenticate the connection with Lansweeper APIs using the Outh2 from Logic app. Use the refresh token API link to generate the new token.
  2. List Authorized Sites: Retrieve the list of the authorized sites.
  3. Hunt IP: Get the asset details from the Lansweeper platform for the given Site ID and IP address.
  4. Hunt Mac: Get the asset details from the Lansweeper platform for the given Site ID and MAC address.

Microsoft Sentinel also possesses SOAR capabilities. Microsoft Sentinel, in addition to being a Security Information and Event Management (SIEM) system, is also a platform for Security Orchestration, Automation, and Response (SOAR). One of its primary purposes is to automate any recurring and predictable enrichment, response, and remediation tasks that are the responsibility of your Security Operations Center and personnel (SOC/SecOps), freeing up time and resources for more in-depth investigation of, and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response, to playbooks that run predetermined sequences of actions to provide powerful and flexible advanced automation to your threat response tasks. The goal of building the Lansweeper Sentinel Integration is to allow the SOC team to leverage the Lansweeper capabilities and allow it to be automated via the Microsoft Logic App. This will help our customers to get the below-mentioned capabilities.

List Authorized Sites – Provide the details of the authorized sites. 

Hunt IP – Provide the asset details from the Lansweeper platform for the given Site ID and IP address.

Hunt MAC – Provide the asset details from the Lansweeper platform for the given Site ID and MAC address.

Requirements

Lansweeper License, Cloud enabled

Lansweeper API Version – v2

 

Documentation

Download Microsoft Sentinel Integration

Support

support@lansweeper.com

Integration Category

Built By

  • Lansweeper

Lansweeper helps you to minimize risks & optimize your IT by providing actionable insight into your entire IT estate.

Lansweeper Version

Cloud

Discover The Power of Integrations

Get Started with Microsoft Sentinel

Get Started

Product

Key Features

Company

Partners

Resources

Contact

Talk to Sales

Help Center

Get your hands on the latest news, vulnerability updates & network reports.
  • Hidden
  • This field is for validation purposes and should be left unchanged.
Facebook Twitter Youtube Linkedin Reddit