Coming soon: Microsoft Sentinel Connector for Cumulo NDR

Same great MISP IOCs, Talos SNORT ruleset and Zeek Coverage, now available directly through Microsoft Sentinel

Extend Microsoft Sentinel’s reach to your on-prem, datacentre and IaaS environments

When adopting a new technology it can be frustrating waiting for the integration to fully support your particular deployment. If you have a hybrid estate you will already know the benefits of network threat detection and connection logging via packet capture. The Cumulo NDR Connector for Microsoft Sentinel enriches Microsoft Sentinel incidents with your network data meaning you combine the power of Sentinel playbooks with rich network traffic data.

What is Cumulo NDR?

Cumulo NDR (Network Detect and Respond) is a packet capture solution which makes use of SNORT (version 3) via our Cisco Talos integration, Zeek and the information in the MISP threat intel sharing platform for real-time alerting. The Cumulo NDR Connector for Microsoft Sentinel pulls this alert data from multiple Cumulo NDR appliances into your Microsoft Sentinel workspace.

While it’s not possible or desirable to send all the packet capture transcripts to Microsoft Sentinel, using this connector you can pivot to Cumulo NDR traffic from within Microsoft Sentinel and query the alerts and associated data using native Kusto Query Language.

The Cumulo NDR Connector for Microsoft Sentinel ships with:
  • Multiple example queries to get you started
  • Example hunting queries
  • Dedicated alert and threat workbooks
  • Playbooks
  • A high quality threat brief feed in Sentinel