Correlating security events across data sources is fundamental to efficient threat identification and incident response. Having access to live data collected from end-users who analyze and report suspicious emails, will provide Microsoft Sentinel customers with a highly valuable source of potential indicators of compromise (IOCs) having already been found by suspicious users in your own organization.
The MailRisk data connector by Secure Practice will ingest data from suspicious emails analyzed by end-users, into Microsoft Sentinel, including enriched email metadata and risk assessment updates.
Secure Practice is happy to offer this out-of-the-box integration for IT administrators and security analysts who want to include MailRisk data into an integrated workflow with search and alerting features available in Microsoft Sentinel.
This applies if your organization is using the MailRisk add-in for Microsoft Outlook or Google Workspace to provide end-users with live analysis of suspicious emails.
The MailRisk data connector is published in the Azure Marketplace, and is available for install via the Sentinel Content Hub (search for MailRisk):
Access to the Secure Practice API for successfully configuring this data connector requires an active subscription with Secure Practice, and access to an administrator account.
Please contact support@securepractice.co if you have any feedback or questions.