Theom for Microsoft Sentinel Solution - Data Cloud and Data Lakehouse Attack Detection
Theom, Inc.
Theom enriches Microsoft Sentinel with intelligence on threats to data clouds and lakehouses
Overview
With the Theom and Microsoft Sentinel integration, customers can now collect valuable threat intelligence content from inside data clouds and data lakehouses, detect attacks using the MITRE ATT&CK framework, ingest critical alerts into Microsoft Sentinel, and respond to incidents rapidly with built-in orchestration and automation. Theom runs inside data clouds and lakehouses to deliver unique intelligence on data assets and threats to sensitive data, all with no agents, no proxies, and no impact on business applications.
Integration benefits
Theom and Microsoft Sentinel help customers secure data clouds and data lakehouses with:

Insider Threat Detection and Prevention
  Detect phished users and service accounts abusing data and suspend their access
  Quarantine data at risk and apply egress controls to stop data leaks
  Prioritize data security incidents based on the $ value of data at risk

Data and AI Access Governance
  Detect over-provisioned access to data and shrink-wrap permissions continuously
  Gain visibility into who has access to what data and what they do with the data
  Ensure detection and prevention controls follow the data through the data pipeline
  Enforce fine-grained access controls over LLM RAG

Ransomware Detection, Prevention, and Recovery
  Detect attacker progression and malicious access to data, using an AI-based detection engine
  Track and capture attacker’s encryption keys, even after attackers cover their tracks
  Protect against prompt injection attacks

Underlying Microsoft Technologies used:
This solution depends on the following technologies. Some of these dependencies may be in Preview state or might result in additional ingestion or operational costs.