Leveraging Microsoft Sentinel and Logic Apps for automated cyber threat response

https://doi.org/10.55214/25768484.v8i6.2933

Authors

  • Vedran Dakić Algebra University, Croatia https://orcid.org/0000-0001-8638-6044
  • Zlatan Morić Algebra University, Croatia
  • Ana Kapulica Algebra University, Croatia
  • Damir Regvart Algebra University, Croatia

This paper explores an integrated approach to automated cyber threat response that combines the Security Information and Event Management (SIEM) capabilities of Microsoft Sentinel with the workflow automation of Azure Logic Apps. AI-driven analytics and threat-hunting queries identify security incidents, and automated playbooks mitigate them, substantially reducing manual intervention and response times. The paper claims three contributions: (1) a novel integration of Sentinel's SIEM with Logic Apps that streamlines response workflows through automated playbooks; (2) an evaluation of the system against several cyber threat scenarios, including automated account blocking and virtual machine isolation in response to identified threats; and (3) a comparison of Sentinel with other SIEM solutions, such as Splunk and IBM QRadar, particularly in Azure-centric and hybrid environments. The results underscore the potential of Microsoft Sentinel and Logic Apps to advance proactive cybersecurity defenses, while also identifying key limitations in scalability and cross-platform adaptability.
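The two automated responses the abstract names, virtual machine isolation and account blocking, written as a PowerShell playbook body that a Sentinel automation rule could run from a Logic App (for instance as an Azure Automation runbook or Azure Function step). This is an example added here, not code from the paper or its authors. It assumes the caller has already run Connect-AzAccount (Network Contributor on the VM's resource group) and Connect-MgGraph with User.ReadWrite.All; the resource group, SOC network CIDR, protected-host list and break-glass account list are placeholders, not values from the paper.

```powershell
<#
  Added example, not code from the paper or its authors. A playbook body that a
  Microsoft Sentinel automation rule could run via a Logic App to perform the two
  responses the abstract names: isolate a VM and block an account.
  Assumptions (placeholders, not facts from the paper): the caller has already run
  Connect-AzAccount and Connect-MgGraph -Scopes User.ReadWrite.All; resource names,
  the SOC CIDR, the protected-host list and the break-glass list are invented.
#>
#Requires -Modules Az.Compute, Az.Network, Microsoft.Graph.Users, Microsoft.Graph.Users.Actions
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,
    [string]   $VmName,                                    # Host entity from the incident
    [string]   $UserPrincipalName,                         # Account entity from the incident
    [string]   $SocCidr = '203.0.113.0/24',                # placeholder: analyst jump network
    [string[]] $ProtectedVms = @('dc01', 'dc02'),          # placeholder: never auto-isolate
    [string[]] $BreakGlassAccounts = @('breakglass@contoso.example')  # placeholder
)
$ErrorActionPreference = 'Stop'

function Invoke-VmIsolation {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$ResourceGroup, [string]$VmName, [string]$SocCidr, [string[]]$ProtectedVms)

    if ($ProtectedVms -contains $VmName) {
        throw "Refusing to auto-isolate protected host '$VmName'; escalate to an analyst."
    }
    $vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName

    # Priorities 100-120 beat every default NSG rule (65000+). The AzureMonitor allow keeps
    # the monitoring agent shipping logs to Sentinel while the host is otherwise cut off.
    $rules = @(
        @{ Name='IR-Allow-SOC-Inbound';      Access='Allow'; Dir='Inbound';  Prio=100; Proto='Tcp'; Src=$SocCidr; Dst='*';            Ports=@('22','3389') },
        @{ Name='IR-Deny-All-Inbound';       Access='Deny';  Dir='Inbound';  Prio=110; Proto='*';   Src='*';      Dst='*';            Ports='*' },
        @{ Name='IR-Allow-Monitor-Outbound'; Access='Allow'; Dir='Outbound'; Prio=115; Proto='Tcp'; Src='*';      Dst='AzureMonitor'; Ports='443' },
        @{ Name='IR-Deny-All-Outbound';      Access='Deny';  Dir='Outbound'; Prio=120; Proto='*';   Src='*';      Dst='*';            Ports='*' }
    )

    foreach ($nicRef in $vm.NetworkProfile.NetworkInterfaces) {
        $nic = Get-AzNetworkInterface -ResourceId $nicRef.Id
        if (-not $PSCmdlet.ShouldProcess($nic.Name, 'Apply isolation NSG rules')) { continue }

        if ($nic.NetworkSecurityGroup) {
            # Reuse the NIC-level NSG. A subnet-level NSG is deliberately left alone:
            # a deny-all there would cut off every VM in the subnet, not just this one.
            $idParts = $nic.NetworkSecurityGroup.Id -split '/'
            $nsg = Get-AzNetworkSecurityGroup -Name $idParts[-1] -ResourceGroupName $idParts[4]
        } else {
            $nsg = New-AzNetworkSecurityGroup -Name "$VmName-isolation-nsg" `
                       -ResourceGroupName $ResourceGroup -Location $nic.Location
            $nic.NetworkSecurityGroup = $nsg
            Set-AzNetworkInterface -NetworkInterface $nic | Out-Null
        }
        foreach ($r in $rules) {
            if ($nsg.SecurityRules.Name -contains $r.Name) { continue }   # idempotent on re-run
            $nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $r.Name `
                       -Access $r.Access -Direction $r.Dir -Priority $r.Prio -Protocol $r.Proto `
                       -SourceAddressPrefix $r.Src -SourcePortRange '*' `
                       -DestinationAddressPrefix $r.Dst -DestinationPortRange $r.Ports
        }
        $nsg | Set-AzNetworkSecurityGroup | Out-Null
        Write-Verbose "Isolated $VmName via NIC $($nic.Name)"
    }
}

function Disable-CompromisedAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$UserPrincipalName, [string[]]$BreakGlassAccounts)

    if ($BreakGlassAccounts -contains $UserPrincipalName) {
        throw "Refusing to disable break-glass account '$UserPrincipalName'; escalate to an analyst."
    }
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Disable sign-in and revoke refresh tokens')) {
        Update-MgUser -UserId $UserPrincipalName -AccountEnabled:$false
        # Disabling alone leaves already-issued refresh tokens valid until they expire;
        # revoking sessions forces re-authentication, which the disabled flag then blocks.
        Revoke-MgUserSignInSession -UserId $UserPrincipalName | Out-Null
    }
}

# Dispatch on whichever entities the incident carried; run with -WhatIf to preview.
if ($VmName)            { Invoke-VmIsolation -ResourceGroup $ResourceGroup -VmName $VmName -SocCidr $SocCidr -ProtectedVms $ProtectedVms }
if ($UserPrincipalName) { Disable-CompromisedAccount -UserPrincipalName $UserPrincipalName -BreakGlassAccounts $BreakGlassAccounts }
```

The two refusal lists are the check an unattended playbook most needs: an analytics rule that fires on a domain controller or on the tenant's break-glass account should page a human rather than isolate the host or disable the account automatically. Run the script with -WhatIf before wiring it to an automation rule, and keep the NSG rules on the NIC rather than the subnet so the containment scope matches the incident's host entity.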

How to Cite

Dakić, V., Morić, Z., Kapulica, A., & Regvart, D. (2024). Leveraging Microsoft Sentinel and Logic Apps for automated cyber threat response. Edelweiss Applied Science and Technology, 8(6), 4319–4348. https://doi.org/10.55214/25768484.v8i6.2933

Section

Articles

Published

2024-11-09