Piscium + Microsoft Sentinel
Native integration with Microsoft Sentinel via the Log Analytics Data Collector API. Piscium streams validated exposures, attack graph snapshots, and remediation events into custom Sentinel tables. Analytics rules can correlate Piscium findings with Defender, Entra ID, and Azure activity logs for enriched threat detection.
Why Microsoft Sentinel?
Why Integrate
Organizations invested in the Microsoft security ecosystem gain unified visibility by combining Sentinel's threat intelligence and SOAR playbooks with Piscium's validated exposure data. Analysts see confirmed exploitable paths alongside their existing Sentinel incidents — no context switching required.
Example Scenario
Sentinel detects a suspicious sign-in from an anomalous location targeting an Entra ID admin account. A Sentinel analytics rule built from Piscium's KQL templates correlates the sign-in with a validated Piscium exposure showing that the same admin account holds excessive privileges over an OT management subnet. The rule raises the incident severity and triggers a Logic App playbook that creates a Piscium remediation task to revoke the over-privileged access.
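The kind of scheduled analytics rule the scenario above describes, written as an added example. This is not a Piscium-shipped template and not code from the page; it assumes a custom table named PisciumExposures_CL (the page only says the tables carry the Piscium_CL naming) whose columns mirror the sample event with the _s/_d type suffixes the Data Collector API adds, plus one hypothetical column, principal_upn_s, holding the account the exposure concerns. The Entra ID side uses the standard SigninLogs table.

```kql
// Added example, not Piscium's own rule.
// Assumptions (not on this page): table PisciumExposures_CL, hypothetical column principal_upn_s.
let lookback = 14d;
// Open, validated Piscium exposures that name a principal; keep the newest record
// per exposure so re-sent events do not produce duplicate joins.
let OpenExposures = PisciumExposures_CL
    | where TimeGenerated > ago(lookback)
    | where event_s == "exposure.validated"
    | where remediation_status_s !in ("resolved", "accepted")
    | where isnotempty(principal_upn_s)
    | summarize arg_max(TimeGenerated, *) by exposure_id_s
    | project ExposureId = exposure_id_s,
              Principal = tolower(principal_upn_s),
              ExposureSeverity = severity_s,
              AffectedAsset = affected_asset_s,
              AttackPathId = attack_path_id_s,
              BlastRadius = blast_radius_d;
// Successful Entra ID sign-ins that Identity Protection flagged as risky in real time
// (unfamiliar location, atypical travel, anonymous IP, and so on).
let RiskySignins = SigninLogs
    | where TimeGenerated > ago(1h)
    | where ResultType == "0"                       // success only; failed attempts are a different story
    | where RiskLevelDuringSignIn in ("medium", "high")
    | extend Principal = tolower(UserPrincipalName),
             Country = tostring(LocationDetails.countryOrRegion)
    | project TimeGenerated, Principal, IPAddress, Country,
              RiskLevelDuringSignIn, RiskEventTypes_V2, AppDisplayName;
// Join on the account: a risky sign-in is far more interesting when the same
// identity already sits on a validated attack path.
RiskySignins
| join kind=inner OpenExposures on Principal
| where ExposureSeverity in ("critical", "high")
// Severity column for Sentinel's alert-details override: widen the blast radius, raise the alert.
| extend IncidentSeverity = iff(BlastRadius >= 5 or ExposureSeverity == "critical", "High", "Medium")
| project TimeGenerated, Principal, IPAddress, Country, RiskLevelDuringSignIn, RiskEventTypes_V2,
          AppDisplayName, ExposureId, AttackPathId, AffectedAsset, BlastRadius, IncidentSeverity
```

When saving this as a scheduled rule, map the Account entity to Principal, the IP entity to IPAddress and the Host entity to AffectedAsset, and point the alert-details severity override at IncidentSeverity so the incident is raised to High automatically, as the scenario describes. The 1h sign-in window should match the rule's run frequency so no sign-in is missed or double-counted.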
Data Flow
Microsoft Sentinel (source) → Piscium CTEM (processor) → Risk Dashboard (destination)
Quick Start
Configure
Requires a Log Analytics workspace and a registered Entra ID application (client credentials flow). Piscium writes to custom tables named with the Piscium prefix and the _CL suffix that Log Analytics gives custom tables. Sentinel workspaces in all Azure commercial regions are supported. Recommended: configure Sentinel analytics rules using the Piscium KQL query templates provided in the connector setup wizard. Two caveats for the workspace owner: the HTTP Data Collector API authenticates with the workspace ID and shared key rather than with an Entra application (the client-credentials flow is what Microsoft's newer Logs Ingestion API uses), so confirm which credential the connector asks for, and Microsoft has scheduled the Data Collector API for retirement in September 2026, so plan for the migration.
Connect
Enable the Microsoft Sentinel connector from the Piscium integrations dashboard.
Validate
Run a test sync to verify data flows correctly between systems.
Sample exposure.validated event as written to the custom table:
{
"event": "exposure.validated",
"timestamp": "2026-03-14T09:15:00Z",
"exposure_id": "EXP-2026-00387",
"severity": "high",
"cvss_score": 8.1,
"cve": "CVE-2025-29813",
"affected_asset": "az-mgmt-vm-02.corp.local",
"attack_path_id": "AG-0984",
"blast_radius": 8,
"remediation_status": "pending"
}

Ready to Connect Microsoft Sentinel?
See the integration running live in your environment.