Kaspersky Threat Data Feeds are now integrated with Microsoft Sentinel, a cloud-native SIEM and SOAR solution, giving Microsoft Sentinel users actionable context to speed up the investigation of and response to attacks as part of their security operations. With this integration, large enterprise security teams can extend their threat detection capabilities and improve initial alert triage, threat hunting and incident response.
According to IDC, “Threat intelligence is a critical component of today’s cybersecurity programs… Threat Intelligence programs provide both qualitative assessments of the terrain and actionable automated solutions that reinforce existing defenses.” For companies, it is therefore important to integrate threat intelligence into their security operations in order to protect themselves as effectively as possible against cyber threats.
Access to Kaspersky threat intelligence through Microsoft Sentinel provides businesses with up-to-date information to counter cyberattacks. The actionable context carried by the feeds includes threat names, timestamps, geolocation, popularity, resolved IP addresses of infected web resources and file hashes, among other fields. With this data, security teams and SOC analysts can speed up initial alert triage by making an informed decision on whether to investigate an alert and escalate it to an incident response team.
Kaspersky’s Threat Data Feeds are generated automatically in real time and aggregate high-quality data from multiple trusted sources around the world. These sources include the Kaspersky Security Network, with millions of voluntary participants worldwide, the botnet monitoring service, spam traps, and Kaspersky’s internationally renowned R&D and GReAT (Global Research and Analysis Team) teams.

Microsoft Sentinel ingests threat indicators over the TAXII protocol in STIX format, so Kaspersky Threat Data Feeds can be configured as a TAXII source of threat intelligence from the Sentinel interface. Once the indicators are imported, security teams can use the out-of-the-box analytics rules to match indicators from the feeds against their logs.
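As an added example (not code from Kaspersky or Microsoft), the script below parses a constructed STIX 2.1 bundle of the kind a TAXII 2.x server hands out, drops expired indicators, and matches the remaining observables against constructed log lines. That is the same correlation the built-in analytics rules perform inside Sentinel against its ThreatIntelligenceIndicator table, shown here stand-alone so it can be run offline. The bundle contents, indicator identifiers, log lines and function names are all assumptions made for the example; only single-comparison STIX patterns are handled, and compound ones are reported for manual review rather than silently dropped.

```python
"""Match STIX 2.1 indicators, as a TAXII feed delivers them, against raw log lines.
Added example, not Kaspersky or Microsoft code; bundle, IDs, logs and names are constructed."""
import re
from datetime import datetime, timezone


def _ind(n, name, pattern, valid_until=None):
    """Minimal STIX 2.1 indicator object (constructed test data)."""
    obj = {"type": "indicator", "spec_version": "2.1",
           "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
           "created": "2024-05-01T00:00:00.000Z", "modified": "2024-05-01T00:00:00.000Z",
           "name": name, "pattern_type": "stix", "pattern": pattern,
           "valid_from": "2024-05-01T00:00:00Z", "labels": ["malicious-activity"]}
    if valid_until:
        obj["valid_until"] = valid_until
    return obj


# Constructed bundle in the shape a TAXII 2.x collection returns; the addresses and
# the .invalid TLD are reserved for documentation.
STIX_BUNDLE = {
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _ind(1, "Botnet C2 address", "[ipv4-addr:value = '203.0.113.10']"),
        _ind(2, "Dropper download URL", "[url:value = 'http://example.invalid/payload.exe']"),
        _ind(3, "Dropper file hash", "[file:hashes.'SHA-256' = "
             "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"),
        _ind(4, "Retired phishing domain", "[domain-name:value = 'old.example.invalid']",
             valid_until="2024-01-01T00:00:00Z"),  # expired: must never produce a hit
        _ind(5, "Scanner on port 80",  # compound pattern: beyond this matcher
             "[ipv4-addr:value = '198.51.100.8' AND network-traffic:dst_port = 80]"),
    ],
}

# Constructed log lines from a firewall, a proxy, a DNS resolver and an EDR agent.
LOG_LINES = [
    "2024-05-02T10:14:03Z fw action=allow src=10.0.0.5 dst=203.0.113.10 dport=443",
    "2024-05-02T10:14:09Z proxy src=10.0.0.7 url=http://example.invalid/payload.exe status=200",
    "2024-05-02T10:15:30Z dns client=10.0.0.9 query=old.example.invalid rcode=NOERROR",
    "2024-05-02T10:16:02Z edr host=ws-14 file=C:\\Users\\a\\Downloads\\x.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-05-02T10:17:45Z fw action=allow src=10.0.0.5 dst=198.51.100.8 dport=80",
]

# Only single-comparison patterns, [<type>:<path> = '<value>'], are handled here.
SIMPLE_PATTERN = re.compile(
    r"^\[\s*(?P<otype>[a-z0-9-]+):(?P<path>[A-Za-z0-9_.'-]+)\s*=\s*'(?P<value>[^']*)'\s*\]$")
# (STIX object type, property path) -> observable kind used by the extractors below.
KINDS = {("ipv4-addr", "value"): "ipv4", ("domain-name", "value"): "domain",
         ("url", "value"): "url", ("file", "hashes.'SHA-256'"): "sha256"}
# How each observable kind is spotted inside a free-text log line.
EXTRACTORS = {"ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
              "url": re.compile(r"https?://[^\s\"']+"),
              "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
              "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)}


def _norm(kind, value):
    """Case-fold kinds whose comparison is case-insensitive (domains, hex digests)."""
    return value.lower() if kind in ("domain", "sha256") else value


def load_indicators(bundle, now=None):
    """Index active, single-comparison indicators by (kind, value); return (index, skipped)."""
    now = now or datetime.now(timezone.utc)
    index, skipped = {}, []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        until = obj.get("valid_until")
        if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
            continue  # expired indicators stay out of the index, as a SIEM would do
        m = SIMPLE_PATTERN.match(obj["pattern"])
        kind = m and KINDS.get((m["otype"], m["path"]))
        if not kind:
            skipped.append(obj["pattern"])  # route to manual review, never drop silently
            continue
        index[(kind, _norm(kind, m["value"]))] = obj
    return index, skipped


def match_logs(lines, index):
    """Return one hit per (line, indicator) pair, ordered by line and then by kind."""
    hits = []
    for lineno, line in enumerate(lines):
        seen = set()
        for kind, rx in EXTRACTORS.items():
            for found in rx.finditer(line):
                key = (kind, _norm(kind, found.group(0)))
                if key in index and key not in seen:
                    seen.add(key)
                    hits.append({"line": lineno, "kind": kind, "value": key[1],
                                 "indicator_id": index[key]["id"], "name": index[key]["name"]})
    return hits


if __name__ == "__main__":
    idx, unsupported = load_indicators(STIX_BUNDLE)
    for h in match_logs(LOG_LINES, idx):
        print(f"line {h['line']}: {h['kind']} {h['value']} -> {h['name']} ({h['indicator_id']})")
    for p in unsupported:
        print("unsupported pattern, review manually:", p)
```

Two details matter in practice and are built into the example: the expired domain indicator never fires even though the DNS log contains it, and the compound pattern is surfaced as unsupported rather than being reduced to just its IP address, which would otherwise create a false positive on the last firewall line.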