XTM Hub by Filigran

Microsoft Sentinel App

SIEM & Analytics

Overview

A Microsoft Sentinel (formerly Azure Sentinel) solution that connects OpenCTI with Microsoft Sentinel to ingest threat intelligence, enrich incidents, and automate indicator synchronization using a custom Logic Apps connector and SOAR playbooks.

The OpenCTI for Microsoft Sentinel solution is an application deployed into the Microsoft Sentinel environment that integrates Microsoft's SIEM/SOAR capabilities with the OpenCTI threat intelligence platform.

It provides a custom Azure Logic Apps connector together with SOAR playbooks designed to operationalize threat intelligence throughout the incident lifecycle.

This integration allows organizations to:

  • Automatically ingest threat intelligence data from OpenCTI into Microsoft Sentinel.
  • Enrich Sentinel incidents and alerts with contextual indicators and knowledge from OpenCTI, improving investigation accuracy and prioritization.
  • Synchronize indicators in both directions, so analysts can push indicators from Sentinel back into OpenCTI for centralized knowledge sharing (this direction writes to OpenCTI, so the identity the connector uses must be granted the corresponding permissions there).
  • Automate SOC workflows using prebuilt playbooks for indicator creation, enrichment, and incident response.

Basic information

Filigran
Nino Rowlands
Third party integrations
Detection (SIEM, XDR & EDR)
January 26, 2026