Add SOCRadar Solution for Microsoft Sentinel#13627

Status: Closed

orcunsami wants to merge 1 commit into Azure:master from orcunsami:feature/socradar-solution

Conversation

@orcunsami

Summary

Adding SOCRadar XTI Platform solution for Microsoft Sentinel Content Hub.

Components

  • 2 Playbooks: SOCRadar-Alarm-Import (imports alarms as incidents) and SOCRadar-Alarm-Sync (syncs closed incidents back)
  • 1 Workbook: SOCRadar Integration Dashboard with alarm analytics
  • 5 Hunting Queries: Alarm overview, critical alarms, trends, incident correlation, audit analysis
  • SolutionMetadata.json: offerId = azure-sentinel-solution-socradar

Features

  • Bidirectional alarm/incident sync between SOCRadar and Sentinel
  • Managed Identity authentication (no manual authorization)
  • Pagination for large alarm volumes
  • Duplicate detection
  • Classification mapping for closed incidents
  • Optional audit logging

Publisher

@orcunsami orcunsami requested review from a team as code owners February 12, 2026 23:39
@orcunsami (Author)

Opened prematurely, closing.

@orcunsami orcunsami closed this Feb 12, 2026
@orcunsami orcunsami deleted the feature/socradar-solution branch February 12, 2026 23:42
@v-atulyadav v-atulyadav self-assigned this Feb 13, 2026
@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Feb 13, 2026