---
title: Microsoft Sentinel SOAR content catalog | Microsoft Docs
description: This article displays and details the content provided by Microsoft Sentinel for security orchestration, automation, and response (SOAR), including playbooks and Logic Apps connectors.
author: yelevin
ms.topic: reference
ms.date: 10/18/2021
ms.author: yelevin
---

# Microsoft Sentinel SOAR content catalog

Microsoft Sentinel provides a wide variety of playbooks and connectors for security orchestration, automation, and response (SOAR), so that you can integrate Microsoft Sentinel with the products and services already deployed in your environment.

The integrations listed below may include some or all of the following components:

| Component type | Purpose | Use case and linked instructions |
| --- | --- | --- |
| **Playbook templates** | Automated workflow | Use playbook templates to deploy ready-made playbooks for responding to threats automatically.<br><br>Automate threat response with playbooks in Microsoft Sentinel |
| **Azure Logic Apps managed connector** | Building blocks for creating playbooks | Playbooks use managed connectors to communicate with hundreds of both Microsoft and non-Microsoft services.<br><br>List of Logic Apps connectors and their documentation |
| **Azure Logic Apps custom connector** | Building blocks for creating playbooks | You may want to communicate with services that aren't available as prebuilt connectors. Custom connectors address this need by allowing you to create (and even share) a connector and define its own triggers and actions. |

You can find SOAR integrations and their components in the following places:

- Microsoft Sentinel solutions
- Microsoft Sentinel Automation blade, **Playbook templates** tab
- Logic Apps designer (for managed Logic Apps connectors)
- Microsoft Sentinel GitHub repository

> [!TIP]
> - Many SOAR integrations can be deployed as part of a Microsoft Sentinel solution, together with related data connectors, analytics rules, and workbooks. For more information, see the Microsoft Sentinel solutions catalog.
> - More integrations are provided by the Microsoft Sentinel community and can be found in the GitHub repository.
> - If you have a product or service that isn't listed or currently supported, please submit a Feature Request.
>   You can also create your own, using the following tools:
>   - Logic Apps custom connector
>   - Azure Functions
>   - Logic Apps HTTP calls
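When you build your own integration with an Azure Function or a Logic Apps HTTP call instead of a prebuilt connector, the playbook author owns the decision about what an incident's entities are allowed to do to a firewall or proxy. The following Python is an added example, not code from this page or from Microsoft: it is the kind of helper an Azure Function could expose to a playbook over HTTP, turning an incident's related entities into a blocklist while refusing private, loopback, and otherwise non-routable addresses that would break the network rather than stop the attacker. It assumes the `relatedEntities` layout of the Sentinel incident trigger (`Ip` entities carrying `properties.address`, `Url` entities carrying `properties.url`); the incident payload is a constructed sample, and the request body it builds is an illustrative contract, not any vendor's API.

```python
"""Blocklist helper for a Sentinel playbook (added example, standard library only).

Reads the relatedEntities of a Sentinel incident trigger payload and returns
only the indicators that are safe to hand to a firewall or proxy block action.
"""
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample of the payload a Sentinel incident trigger hands to a
# playbook. Only the fields this example reads are present; the real payload
# carries many more. The addresses are made up for the example.
SAMPLE_INCIDENT = json.dumps({
    "object": {
        "properties": {
            "incidentNumber": 42,
            "severity": "High",
            "relatedEntities": [
                {"kind": "Ip", "properties": {"address": "91.92.93.94"}},
                {"kind": "Ip", "properties": {"address": "10.1.2.3"}},      # RFC 1918: skip
                {"kind": "Ip", "properties": {"address": "91.92.93.94"}},   # duplicate
                {"kind": "Ip", "properties": {"address": "203.0.113.7"}},   # documentation range: skip
                {"kind": "Ip", "properties": {"address": "not-an-ip"}},     # malformed: skip
                {"kind": "Url", "properties": {"url": "http://malicious.example/path?x=1"}},
                {"kind": "Url", "properties": {"url": "https://10.1.2.3/login"}},  # internal host: skip
                {"kind": "Account", "properties": {"accountName": "jdoe"}},  # not a network indicator
            ],
        }
    }
})


def is_blockable_ip(address):
    """True only for routable public addresses (IPv4 or IPv6).

    ipaddress.is_global is False for private, loopback, link-local, multicast,
    shared-address-space and the RFC 5737 documentation ranges, so an analyst
    pasting a test address from a report does not end up in a firewall rule.
    """
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return False
    return ip.is_global


def blockable_host(url):
    """Hostname of a Url entity, or None if it is not a blockable target."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host.lower()                          # a domain name: fine to block
    return host if is_blockable_ip(host) else None   # a literal IP: same rule as above


def block_candidates(payload_json):
    """Return {'ips': [...], 'hosts': [...]} from an incident trigger payload,
    deduplicated and in the order the entities appeared."""
    entities = (json.loads(payload_json).get("object", {})
                .get("properties", {}).get("relatedEntities", []))
    ips, hosts = [], []
    for entity in entities:
        props = entity.get("properties", {})
        if entity.get("kind") == "Ip":
            addr = props.get("address", "")
            if is_blockable_ip(addr) and addr not in ips:
                ips.append(addr)
        elif entity.get("kind") == "Url":
            host = blockable_host(props.get("url", ""))
            if host and host not in hosts:
                hosts.append(host)
    return {"ips": ips, "hosts": hosts}


def build_block_request(payload_json):
    """Body the playbook's HTTP action (or the function's response) would send
    to the blocking device. Field names are an illustrative contract only."""
    props = json.loads(payload_json)["object"]["properties"]
    candidates = block_candidates(payload_json)
    return {
        "comment": f"Sentinel incident {props.get('incidentNumber')} ({props.get('severity')})",
        "ips": candidates["ips"],
        "hosts": candidates["hosts"],
    }


if __name__ == "__main__":
    print(json.dumps(build_block_request(SAMPLE_INCIDENT), indent=2))
```

Run stand-alone, the script prints a request containing one IP and one host; the private address, the duplicate, the documentation-range address, the malformed string, the URL pointing at an internal host, and the account entity are all dropped. Wiring this into a playbook is then an HTTP action that posts the incident trigger body to the function and forwards the returned lists to the block action of whichever custom connector you use.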

## Atlassian

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Jira** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Sync incidents |

## Check Point

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Check Point NGFW**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Check Point | |

## Cisco

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Cisco ASA**,<br>**Cisco Meraki** | Custom Logic Apps connector<br>Playbooks | Community | Block IPs |
| **Cisco Firepower** | Custom Logic Apps connector<br>Playbooks | Community | Block IPs and URLs |
| **Cisco ISE**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Microsoft | |
| **Cisco Umbrella**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Microsoft | Block domains,<br>policies management,<br>destination lists management,<br>enrichment, and investigation |

## CrowdStrike

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Falcon endpoint protection**<br>(Available as solution) | Playbooks | Microsoft | Endpoints enrichment,<br>isolate endpoints |

## F5

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **BIG-IP** | Playbooks | Community | Block IPs and URLs |

## Forcepoint

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Forcepoint NGFW** | Custom Logic Apps connector<br>Playbooks | Community | Block IPs and URLs |

## Fortinet

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **FortiGate**<br>(Available as solution) | Custom Logic Apps connector<br>Azure Function<br>Playbooks | Microsoft | Block IPs and URLs |

## Freshdesk

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Freshdesk** | Managed Logic Apps connector | | Sync incidents |

## Have I Been Pwned

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Have I Been Pwned** | Custom Logic Apps connector<br>Playbooks | Community | |

## HYAS

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **HYAS Insight**<br>(Available as solution) | Managed Logic Apps connector<br>Playbooks | HYAS | |

## IBM

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Resilient** | Custom Logic Apps connector<br>Playbooks | Community | Sync incidents |

## Microsoft

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Azure DevOps** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Sync incidents |
| **Azure Firewall**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Microsoft | Block IPs |
| **Azure AD Identity Protection** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Users enrichment,<br>Users remediation |
| **Azure AD** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Users enrichment,<br>Users remediation |
| **Azure Data Explorer** | Managed Logic Apps connector | Microsoft | Query and investigate |
| **Azure Log Analytics Data Collector** | Managed Logic Apps connector | Microsoft<br>Community | Query and investigate |
| **Microsoft Defender for Endpoint** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Endpoints enrichment,<br>isolate endpoints |
| **Microsoft Defender for IoT** | Playbooks | Microsoft | Orchestration and notification |
| **Microsoft Teams** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Notifications,<br>Collaboration,<br>create human-involved responses |

## Okta

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Okta** | Managed Logic Apps connector<br>Playbooks | Community | Users enrichment,<br>Users remediation |

## Palo Alto

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Palo Alto PAN-OS**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Community | Block IPs and URLs |
| **WildFire** | Custom Logic Apps connector<br>Playbooks | Community | File hash enrichment and response |

## Proofpoint

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Proofpoint TAP**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Microsoft | Accounts enrichment |

## Recorded Future

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Recorded Future Intelligence** | Managed Logic Apps connector<br>Playbooks | Recorded Future | Entities enrichment |

## ReversingLabs

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **TitaniumCloud File Enrichment**<br>(Available as solution) | Managed Logic Apps connector<br>Playbooks | ReversingLabs | File hash enrichment |

## RiskIQ

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **RiskIQ Digital Footprint**<br>(Available as solution) | Managed Logic Apps connector<br>Playbooks | RiskIQ | Entities enrichment |
| **RiskIQ PassiveTotal** | Managed Logic Apps connector<br>Playbooks | RiskIQ | Entities enrichment |
| **RiskIQ Security Intelligence**<br>(Available as solution) | Managed Logic Apps connector<br>Playbooks | RiskIQ | Entities enrichment |

## ServiceNow

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **ServiceNow** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Sync incidents |

## Slack

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Slack** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Notification,<br>Collaboration |

## VirusTotal

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **VirusTotal** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Entities enrichment |

## VMware

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Carbon Black Cloud**<br>(Available as solution) | Custom Logic Apps connector<br>Playbooks | Community | Endpoints enrichment,<br>isolate endpoints |

## Zendesk

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Zendesk** | Managed Logic Apps connector<br>Playbooks | Microsoft<br>Community | Sync incidents |

## Zscaler

| Product | Integration components | Supported by | Scenarios |
| --- | --- | --- | --- |
| **Zscaler** | Playbooks | Microsoft | URL remediation,<br>incident enrichment |

## Next steps

In this document, you learned about the SOAR content that Microsoft Sentinel provides and where to find it.