Microsoft Sentinel SOAR content catalog

Microsoft Sentinel provides a wide variety of playbooks and connectors for security orchestration, automation, and response (SOAR), so that you can readily integrate Microsoft Sentinel with any product or service in your environment.

The integrations listed below may include some or all of the following components:

| Component type | Purpose | Use case and linked instructions |
| --- | --- | --- |
| Playbook templates | Automated workflow | Use playbook templates to deploy ready-made playbooks for responding to threats automatically. See: Automate threat response with playbooks in Microsoft Sentinel |
| Azure Logic Apps managed connector | Building blocks for creating playbooks | Playbooks use managed connectors to communicate with hundreds of both Microsoft and non-Microsoft services. See: List of Logic Apps connectors and their documentation |
| Azure Logic Apps custom connector | Building blocks for creating playbooks | You may want to communicate with services that aren't available as prebuilt connectors. Custom connectors address this need by allowing you to create (and even share) a connector and define its own triggers and actions. |

You can find SOAR integrations and their components in the following places:

  • Microsoft Sentinel solutions
  • Microsoft Sentinel Automation blade, playbook templates tab
  • Logic Apps designer (for managed Logic Apps connectors)
  • Microsoft Sentinel GitHub repository

Tip

  • Many SOAR integrations can be deployed as part of a Microsoft Sentinel solution, together with related data connectors, analytics rules and workbooks. For more information, see the Microsoft Sentinel solutions catalog.
  • More integrations are provided by the Microsoft Sentinel community and can be found in the GitHub repository.
  • If you have a product or service that isn't listed or currently supported, please submit a Feature Request.
    You can also create your own, using the following tools:
    • Logic Apps custom connector
    • Azure Functions
    • Logic Apps HTTP calls

Cisco

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Cisco FirePower | Custom Logic Apps connector, Playbooks | Community | Block IPs and URLs |

F5

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Big-IP | Playbooks | Community | Block IPs and URLs |

IBM

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Resilient | Custom Logic Apps connector, Playbooks | Community | Sync incidents |

InsightVM Cloud API

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| InsightVM Cloud API | Custom Logic Apps connector, Playbooks | Microsoft | Enrich incident with asset info, Enrich vulnerability info, Run VM scan |

Microsoft

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Azure DevOps | Managed Logic Apps connector, Playbooks | Microsoft, Community | Sync incidents |
| Azure Firewall (Available as solution) | Custom Logic Apps connector, Playbooks | Microsoft | Block IPs |
| Microsoft Entra ID | Managed Logic Apps connector, Playbooks | Microsoft, Community | Users enrichment, Users remediation |
| Azure Data Explorer | Managed Logic Apps connector | Microsoft | Query and investigate |
| Azure Log Analytics Data Collector | Managed Logic Apps connector | Microsoft, Community | Query and investigate |

Palo Alto

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Palo Alto PAN-OS (Available as solution) | Custom Logic Apps connector, Playbooks | Community | Block IPs and URLs |
| Wildfire | Custom Logic Apps connector, Playbooks | Community | Filehash enrichment and response |

Qualys VM

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Qualys VM (Available as solution) | Custom Logic Apps connector, Playbooks | Microsoft | Get asset details, Get asset by CVEID, Get asset by Open port, Launch VM scan |

Recorded Future

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Recorded Future Intelligence | Managed Logic Apps connector, Playbooks | Recorded Future | Entities enrichment |

ServiceNow

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| ServiceNow | Managed Logic Apps connector, Playbooks | Microsoft, Community | Sync incidents |

URLhaus

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| URLhaus (Available as solution) | Custom Logic Apps connector, Playbooks | Microsoft | Check host and enrich incident, Check hash and enrich incident, Check URL and enrich incident |

Zscaler

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| Zscaler | Playbooks | Microsoft | URL remediation, incident enrichment |

Next steps

In this document, you learned about Microsoft Sentinel SOAR content.