SIEM Integration

Microsoft Sentinel

Connect TigerIdentity to Microsoft Sentinel for threat-aware access control, automated incident response, and unified security operations.

Key Features

SIEM Integration

Stream TigerIdentity access decisions and audit events to Microsoft Sentinel for correlation.

Incident Response

Automatically revoke access based on Microsoft Sentinel security incidents and alerts.

Bidirectional Events

Send access events to Sentinel and receive threat intelligence for access decisions.

Automated Playbooks

Trigger TigerIdentity access revocation from Sentinel automation playbooks.

Threat-Aware Access

Use Sentinel threat intelligence scores in dynamic access control policies.

Unified Analytics

Correlate identity and access data with security events in Sentinel workbooks.

How It Works

1. Connect

Configure the Sentinel connector with Azure credentials and Log Analytics workspace ID.

2. Sync Events

TigerIdentity streams access events to Sentinel and ingests security incidents and alerts.

3. Automate Response

Create policies that automatically revoke access based on Sentinel threat detections.

Configuration Example

connector:
  type: microsoft-sentinel
  name: "sentinel-production"

  config:
    workspace_id: "${SENTINEL_WORKSPACE_ID}"
    tenant_id: "${AZURE_TENANT_ID}"
    client_id: "${AZURE_CLIENT_ID}"
    client_secret: "${AZURE_CLIENT_SECRET}"

  sync:
    incidents: true
    alerts: true
    threat_intelligence: true

  events:
    inbound:
      - incident.created
      - incident.high_severity
      - alert.user_compromised
    outbound:
      - access.granted
      - access.denied
      - session.revoked
      - policy.violated

  policies:
    - name: "revoke-on-compromise"
      condition: "sentinel.incident.severity == 'High' && sentinel.entity.type == 'user'"
      action: "revoke_all_sessions"

  mapping:
    incident_attributes:
      - sentinel: incidentNumber
        tiger: security_incident_id
      - sentinel: severity
        tiger: threat_level
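
A pre-deployment check for the connector file above, added here as an example (not TigerIdentity's code): it reports `config:` values written as literals instead of `${VAR}` references, and referenced variables that are unset. It assumes `${VAR}` is resolved from the process environment; `config_entries`, `audit` and the sample secret value are hypothetical.

```python
import os
import re

# Constructed sample: the page's config block with client_secret pasted in as
# a literal. The value is a made-up placeholder, not a real secret.
SAMPLE = '''\
connector:
  type: microsoft-sentinel
  config:
    workspace_id: "${SENTINEL_WORKSPACE_ID}"
    tenant_id: "${AZURE_TENANT_ID}"
    client_id: "${AZURE_CLIENT_ID}"
    client_secret: "EXAMPLE-literal-secret"

  sync:
    incidents: true
'''

REF = re.compile(r'^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$')   # whole value is ${VAR}
KEY_VALUE = re.compile(r'^(\s*)([A-Za-z_]+):\s*(.*)$')  # "key: value" line

def config_entries(text):
    """Yield (key, value) for the entries nested under the `config:` key."""
    block_indent = None
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if not m:
            continue  # blank lines and list items
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if block_indent is None:
            if key == "config" and not value:
                block_indent = indent
        elif indent <= block_indent:
            return  # dedent: the config block has ended
        else:
            yield key, value.strip('"\'')

def audit(text, env):
    """Return (keys holding literal values, referenced variables unset in env)."""
    literal, unset = [], []
    for key, value in config_entries(text):
        m = REF.match(value)
        if m is None:
            literal.append(key)
        elif not env.get(m.group(1)):
            unset.append(m.group(1))
    return literal, unset

if __name__ == "__main__":
    print(audit(SAMPLE, os.environ))
```

Run it against the real connector file in CI or before starting the connector, and fail the step when either list is non-empty.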

Use Cases

Security-Driven Access Control

Automatically adjust access policies based on Microsoft Sentinel security incidents and threat intelligence.

Compromised User Response

Instantly revoke all access when Sentinel detects compromised user accounts or anomalous behavior.

Unified SOC Visibility

Stream all TigerIdentity access events to Sentinel for unified security operations and investigation.

Compliance Reporting

Correlate access decisions with security events for comprehensive compliance and audit reporting.
