Microsoft Sentinel

Modified on: Thu, 21 Dec, 2023 at 5:03 PM

Overview

Microsoft Sentinel is a scalable, cloud-native solution that provides:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)

It delivers intelligent security analytics and threat intelligence across the enterprise.

The Microsoft Sentinel integration for Maltego allows users to import incidents and make deep dives into them using powerful link analysis capabilities and multiple data sources.

Microsoft Sentinel: Jinxpy Sentinel Transforms

Import Incident By URL [Sentinel]

Description

Search for related phone numbers.

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_sentinel.global.global#CLIENT_ID | Azure Enterprise App ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#CLIENT_SECRET | Azure Enterprise App Secret | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#RESOURCE_GROUP | Azure Resource Group | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#SUBSCRIPTION_ID | Azure Subscription ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#TENANT_ID | Azure Tenant ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#WORKSPACE_NAME | Sentinel Workspace Name | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Import Incident By URL [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.url_to_incidents
Short Description | Search for related phone numbers.
Input Entities | maltego.URL
Output Entities | maltego.sentinel.Incident

Extract Labels [Sentinel]

Description

Extract labels from this Incident.

Transform Meta Info

Information | Value
Display Name | Extract Labels [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.extract_incident_labels
Short Description | Extract labels from this Incident.
Input Entities | maltego.sentinel.Incident
Output Entities | maltego.Tag

Extract Alert Product Names [Sentinel]

Description

Extract Alert Product names from this Incident.

Transform Meta Info

Information | Value
Display Name | Extract Alert Product Names [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.extract_alert_product_names
Short Description | Extract Alert Product names from this Incident.
Input Entities | maltego.sentinel.Incident
Output Entities | maltego.Phrase

Annotate Incident [Sentinel]

Description

Get details of the Incident.

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_sentinel.global.global#CLIENT_ID | Azure Enterprise App ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#CLIENT_SECRET | Azure Enterprise App Secret | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#RESOURCE_GROUP | Azure Resource Group | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#SUBSCRIPTION_ID | Azure Subscription ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#TENANT_ID | Azure Tenant ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#WORKSPACE_NAME | Sentinel Workspace Name | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Annotate Incident [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.annotate_incident
Short Description | Get details of the Incident.
Input Entities | maltego.sentinel.Incident
Output Entities | maltego.sentinel.Incident

To Entities [Sentinel]

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_sentinel.global.global#CLIENT_ID | Azure Enterprise App ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#CLIENT_SECRET | Azure Enterprise App Secret | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#RESOURCE_GROUP | Azure Resource Group | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#SUBSCRIPTION_ID | Azure Subscription ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#TENANT_ID | Azure Tenant ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#WORKSPACE_NAME | Sentinel Workspace Name | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Entities [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.incident_to_entities
Short Description | 
Input Entities | maltego.sentinel.Incident
Output Entities | maltego.DNSName, maltego.File, maltego.Hash, maltego.IPv4Address, maltego.IPv6Address, maltego.EmailAddress, maltego.Malware, maltego.URL, maltego.sentinel.Object

To Security Alert [Sentinel]

Description

Extract the Security Alert associated with this Incident.

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_sentinel.global.global#CLIENT_ID | Azure Enterprise App ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#CLIENT_SECRET | Azure Enterprise App Secret | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#RESOURCE_GROUP | Azure Resource Group | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#SUBSCRIPTION_ID | Azure Subscription ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#TENANT_ID | Azure Tenant ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#WORKSPACE_NAME | Sentinel Workspace Name | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | To Security Alert [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.incident_to_security_alert
Short Description | Extract the Security Alert associated with this Incident.
Input Entities | maltego.sentinel.Incident
Output Entities | maltego.sentinel.SecurityAlert

To Malware [Sentinel]

Description

Extract Malware.

Transform Meta Info

Information | Value
Display Name | To Malware [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.mail_custer_to_malware
Short Description | Extract Malware.
Input Entities | maltego.sentinel.MailCluster
Output Entities | maltego.Malware

Extract Sender [Sentinel]

Description

Extracts the sender’s email.

Transform Meta Info

Information | Value
Display Name | Extract Sender [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Short Description | Extracts the sender’s email.
Output Entities | maltego.EmailAddress

Variants

Transform Name | Input Entities
maltego.jinxpy_sentinel.extract_sender_0 | maltego.sentinel.MailMessage
maltego.jinxpy_sentinel.extract_sender_1 | maltego.sentinel.SubmissionMail

Extract Recipient [Sentinel]

Description

Extracts the recipient’s email.

Transform Meta Info

Information | Value
Display Name | Extract Recipient [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Short Description | Extracts the recipient’s email.
Output Entities | maltego.EmailAddress

Variants

Transform Name | Input Entities
maltego.jinxpy_sentinel.extract_recipient_0 | maltego.sentinel.MailMessage
maltego.jinxpy_sentinel.extract_recipient_1 | maltego.sentinel.SubmissionMail

Extract Attack Tactics [Sentinel]

Description

Extracts the Attack Tactics associated with the given Incident.

Transform Meta Info

Information | Value
Display Name | Extract Attack Tactics [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Short Description | Extracts the Attack Tactics associated with the given Incident.
Output Entities | maltego.sentinel.AttackTactic

Variants

Transform Name | Input Entities
maltego.jinxpy_sentinel.extract_attack_tactics_0 | maltego.sentinel.Incident
maltego.jinxpy_sentinel.extract_attack_tactics_1 | maltego.sentinel.SecurityAlert

Import Incidents [Sentinel]

Description

Imports all Sentinel Incidents.

Transform Settings

Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication
maltego.jinxpy_sentinel.global.global#CLIENT_ID | Azure Enterprise App ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#CLIENT_SECRET | Azure Enterprise App Secret | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#RESOURCE_GROUP | Azure Resource Group | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#SUBSCRIPTION_ID | Azure Subscription ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#TENANT_ID | Azure Tenant ID | string | None | True | True | False
maltego.jinxpy_sentinel.global.global#WORKSPACE_NAME | Sentinel Workspace Name | string | None | True | True | False
maltego.jinxpy_sentinel.import_incidents.INCIDENT_CREATED_BETWEEN | Incident Created Between | daterange | None | True | True | False
maltego.jinxpy_sentinel.import_incidents.INCIDENT_SEVERITY | Incident Severity | string | None | True | True | False
maltego.jinxpy_sentinel.import_incidents.INCIDENT_STATUS | Incident Status | string | None | True | True | False

Transform Meta Info

Information | Value
Display Name | Import Incidents [Sentinel]
Owner | Maltego Technologies GmbH
Author | Maltego Technologies GmbH
Data Source | Sentinel
Transform Name | maltego.jinxpy_sentinel.import_incidents
Short Description | Imports all Sentinel Incidents.
Input Entities | maltego.sentinel.Instance
Output Entities | maltego.sentinel.Incident