Cybriant utilizes Microsoft Azure Sentinel to detect and analyze security incidents. Our client also uses ConnectWise Manage to internally manage the detected incidents. Because no integration existed between the two systems, our client had to manually enter all information gathered from Azure Sentinel into ConnectWise Manage. Our solution to this problem was Azure Logic Apps, a platform for automating workflows.
Despite ConnectWise Manage being the most common ticketing platform at the enterprise level and Azure Sentinel being the fastest growing security information and event management software, an integration solution did not exist prior to our project. Our solution is the first integration between these two systems.
This diagram displays the flow between the systems when a security threat is detected. Once an incident is detected in Azure Sentinel, a trigger fires in Logic Apps, which calls the ConnectWise Manage REST API to create a ticket. The key details of the incident are included in the generated ticket.
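As an added example (not part of the original project and not either vendor's code), the mapping step a Logic App performs between a Sentinel incident and a ConnectWise Manage ticket, prototyped in Python. The Sentinel field names follow the incident trigger's output schema and the ticket fields follow the ConnectWise Manage service-ticket POST body; the board name, company identifier, priority names and sample incident values are placeholders that a tenant would replace with its own.

```python
"""Map a Microsoft Sentinel incident (shape of the Logic Apps Sentinel trigger output)
to a ConnectWise Manage service-ticket request body. Added example, not project code."""
import json

# Sentinel severities -> ConnectWise Manage priority names. Priority records are
# board-specific and tenant-configured, so these names are placeholders.
PRIORITY_BY_SEVERITY = {
    "High": "Priority 1 - Emergency Response",
    "Medium": "Priority 2 - Quick Response",
    "Low": "Priority 3 - Normal Response",
    "Informational": "Priority 4 - Low Response",
}
SUMMARY_MAX = 100  # ConnectWise Manage rejects ticket summaries longer than this


def build_ticket(incident: dict, board: str, company: str) -> dict:
    props = incident.get("properties", {})
    number = props.get("incidentNumber", "?")
    title = props.get("title") or "Untitled Sentinel incident"
    # Prefix the Sentinel incident number so analysts can correlate ticket and
    # incident; truncate instead of letting the API reject an over-long summary.
    summary = f"[Sentinel #{number}] {title}"[:SUMMARY_MAX]
    severity = props.get("severity") or "Informational"
    priority = PRIORITY_BY_SEVERITY.get(severity, PRIORITY_BY_SEVERITY["Informational"])
    # Carry the details an analyst would otherwise re-type by hand; skip blanks.
    details = {"Severity": severity, "Status": props.get("status"),
               "Incident URL": props.get("incidentUrl")}
    lines = [props.get("description") or ""]
    lines += [f"{k}: {v}" for k, v in details.items() if v]
    return {
        "summary": summary,
        "board": {"name": board},
        "company": {"identifier": company},
        "priority": {"name": priority},
        "initialDescription": "\n".join(line for line in lines if line),
    }


# Constructed sample in the shape of a Sentinel incident; all values are made up.
SAMPLE_INCIDENT = {
    "properties": {
        "incidentNumber": 4321,
        "title": "Multi-stage incident involving Initial access & Persistence & Credential access & Defense evasion on one endpoint",
        "severity": "High",
        "status": "New",
        "description": "Sign-in from an anonymizing proxy followed by a new mailbox forwarding rule.",
        "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/<resource-id>",
    },
}

if __name__ == "__main__":
    print(json.dumps(build_ticket(SAMPLE_INCIDENT, "Security Operations", "ExampleCo"), indent=2))
```

In the real Logic App this body is the payload of the HTTP action that authenticates to the ConnectWise Manage API; the credentials for that call belong in a secret store, not in the workflow definition.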
Prior to our integration solution, security analysts were required to check for security incidents, manually transfer the important data into tickets, and create the tickets themselves. For each incident, Cybriant analysts needed to spend 5-8 minutes entering incident data into a ticket, and analysts may face hundreds of incidents during a workday. Entering this data into tickets takes away time the Cybriant team could spend analyzing incidents, which increases the risk that a breach is not identified quickly.
With our integration solution, the work required of the client has decreased significantly and duplicate data entry has been eliminated. Our client may now update tickets in a central location without also updating the other system that housed this information. The tedious, redundant work has been streamlined through our automated integration solution.