What Changed
New Microsoft Sentinel solution v3.0.0 from Data443 Risk Mitigation introduces the “Vaikora-SentinelOne-ThreatIntelligence” solution, containing a Logic App playbook that polls Vaikora AI agent security signals and pushes high-severity indicators to SentinelOne threat intelligence.
Playbook Integration
VaikoraToSentinelOne_Playbook.json creates a scheduled Logic App (default: every 6 hours) that:
- Polls the Vaikora GET /api/v1/actions endpoint for high-risk and anomalous agent actions
- Maps risk scores to SentinelOne severity levels (75-89 → high, 90+ → critical)
- Pushes IOC indicators via POST /web/api/v2.1/threat-intelligence/iocs
- Auto-creates a “Vaikora IOC Detection” STAR rule if one is not already present
Authentication & Configuration
Requires securestring parameters for:
- VaikoraApiKey (X-API-Key header authentication)
- SentinelOne_ApiToken and SentinelOne_AccountId
- SentinelOne_BaseUrl (e.g., https://usea1.sentinelone.net)
IOC types are derived from the signal indicators (IPv4/IPv6); indicators are pushed with a 90-day expiration mode, and the threat context is taken from the anomaly detection flags.
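The transformation the playbook performs (risk score → SentinelOne severity, IPv4/IPv6 indicator typing, 90-day expiry, anomaly flags as context), written out as an added Python example rather than the Logic App JSON; this is not code from the solution. The Vaikora action field names (risk_score, indicator, anomaly_flags) and the SentinelOne IOC record keys are assumptions, not the documented schemas of either product.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
EXPIRATION_DAYS = 90  # the 90-day expiration mode described above

def severity_for_risk(score: int):
    """Map a Vaikora risk score to a SentinelOne severity; below 75 is not pushed."""
    if score >= 90:
        return "critical"
    if score >= 75:
        return "high"
    return None

def ioc_type_for(indicator: str):
    """Classify an indicator as IPV4 or IPV6; non-IP indicators are skipped (assumption)."""
    try:
        addr = ipaddress.ip_address(indicator)
    except ValueError:
        return None
    return "IPV4" if addr.version == 4 else "IPV6"

def build_ioc(action: dict, now: datetime):
    """Turn one Vaikora action (assumed field names) into one IOC record, or None."""
    severity = severity_for_risk(action["risk_score"])
    ioc_type = ioc_type_for(action["indicator"])
    if severity is None or ioc_type is None:
        return None
    valid_until = now + timedelta(days=EXPIRATION_DAYS)
    return {  # record keys are assumed, not SentinelOne's documented IOC schema
        "type": ioc_type,
        "value": action["indicator"],
        "source": "Vaikora",
        "method": "EQUALS",
        "validUntil": valid_until.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "name": f"Vaikora {severity} risk agent action",
        "description": "anomalies: " + ", ".join(action.get("anomaly_flags", [])),
        "severity": severity,
    }

def build_batch(actions, now: datetime):
    """Convert one polled page of actions, dropping those that do not qualify."""
    return [ioc for ioc in (build_ioc(a, now) for a in actions) if ioc]

# Constructed sample poll result and a fixed clock (field names assumed, not Vaikora's schema).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_ACTIONS = [
    {"risk_score": 92, "indicator": "203.0.113.7", "anomaly_flags": ["unusual_destination"]},
    {"risk_score": 80, "indicator": "2001:db8::1", "anomaly_flags": ["off_hours"]},
    {"risk_score": 70, "indicator": "198.51.100.9", "anomaly_flags": []},
    {"risk_score": 95, "indicator": "example.invalid", "anomaly_flags": ["unusual_destination"]},
]
```

Running build_batch(SAMPLE_ACTIONS, SAMPLE_NOW) yields two records (the 70-score action falls below the high threshold and the non-IP indicator has no supported IOC type), which is the filtering a reviewer would check the playbook's condition blocks against.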
Detection Surface
Enables SOC teams to leverage Vaikora AI behavioral analysis for endpoint threat intelligence in SentinelOne environments, bridging AI-driven agent security monitoring with existing EDR workflows.
Affected Files
Solutions/Vaikora-SentinelOne-ThreatIntelligence/Playbooks/VaikoraToSentinelOne_Playbook.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_VaikoraSentinelOne.json, createUiDefinition.json, mainTemplate.json)