Microsoft Sentinel integration with Incident Response

Microsoft Sentinel analytics rules help discover threats and anomalous behaviors in your environment. Microsoft Sentinel creates alerts for these threats, and Lightstep Incident Response ensures that the right people are working on them.

What does Lightstep Incident Response offer Microsoft Sentinel users?

Alerts in Microsoft Sentinel trigger alerts in Incident Response.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

When an alert is triggered in Microsoft Sentinel, an alert is created in Incident Response.