The Azure Logic App for Lansweeper.
- SIEM solutions aggregate event data generated by security devices, network infrastructure, systems and applications. While the primary data source for a SIEM is log data, it can also process other forms of data. Microsoft's Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate apps, data, services, and systems. The Logic App for Lansweeper seamlessly connects Sentinel with Lansweeper, so users can receive enriched alerts and contextualized IT asset data automatically, to simplify and enhance threat hunting, event investigation and incident response.
- Lansweeper is the leading IT asset data discovery and inventory solution. It continuously discovers IT assets across an organization's IT estate, detecting and recognizing all servers, devices, virtual machines, operating systems, software and IoT on the network - even shadow IT and idle or forgotten devices. Even if a device only touches the network briefly, Lansweeper's deep scanning engine and credential-free device recognition (CDR) technology detect it and gather in-depth granular information that helps security teams triage incidents, analyze their potential impact and prioritize their work. Rather than working off an IP or MAC address alone, users can simply query Lansweeper from within Sentinel and gain instant access to contextualized data, for rapid decision-making and faster MTTR.
- Using the information available from Lansweeper, Sentinel users can develop playbooks for executing a defined set of remediation actions in response to alerts and incidents. Most of these alerts and incidents conform to recurring patterns, and playbooks help to orchestrate and accelerate threat response for rapid resolution, reducing risk while lightening the load on security teams. If a machine is compromised, Sentinel users can leverage Lansweeper data to identify, locate and isolate the machine, and automatically block the account until the SOC team can analyse the issue.
- Playbooks not only enhance security, but they also eliminate manual tasks that can drive up costs. By Microsoft's estimate, Sentinel users can improve security while reducing costs by as much as 48% compared to traditional SIEMs. By leveraging the Logic App for Lansweeper, they can further reduce overhead by eliminating manual work associated with enriching alerts and taking action to remediate threats.