Microsoft Sentinel is a cloud-native security information and event management (SIEM) solution that delivers scalable, cost-efficient security across multicloud and multi-platform environments with built-in AI, automation, threat intelligence, and a modern data lake architecture. It provides cyberthreat detection, investigation, response, and proactive hunting, with a bird's-eye view across your enterprise.
The integration of Microsoft Sentinel with OpenCTI enables the automatic dissemination, update, and deletion of STIX indicators in Microsoft Sentinel. The connector consumes indicators from an OpenCTI stream and manages them in Microsoft Sentinel using the STIX objects API, documented at https://learn.microsoft.com/en-us/azure/sentinel/stix-objects-api.