The Azure Logic App for Lansweeper.
- SIEM solutions aggregate event data from security devices, network infrastructure, systems, and applications. While the primary data source for a SIEM is log data, it can also process other forms of data. Microsoft's Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate apps, data, services, and systems. The Logic App for Lansweeper seamlessly connects Sentinel with Lansweeper. Users can receive enriched alerts and contextualized IT asset data automatically to simplify and enhance threat hunting, event investigation, and incident response.
- Using the information from Lansweeper, Sentinel users can develop playbooks for executing a defined set of remediation actions in response to alerts and incidents. Most of these alerts and incidents conform to recurring patterns, and playbooks help to orchestrate and accelerate threat response for rapid resolution, reducing risk while lightening the load on security teams. If a machine is compromised, Sentinel users can leverage Lansweeper data to identify, locate, and isolate the machine and automatically block the account until the SOC team can analyze the issue.
- Playbooks not only enhance security but also eliminate manual tasks that can drive up costs. By Microsoft's estimate, Sentinel users can improve security while reducing costs by as much as 48% compared to traditional SIEMs. By leveraging the Logic App for Lansweeper, they can further reduce overhead by eliminating manual work associated with enriching alerts and taking action to remediate threats.