Directory Services Protector Solution for Azure Sentinel

Expand and focus the sight of Microsoft Sentinel



Strengthen Your Cyber Resilience

See DSP for Azure Sentinel in action.

Sentinel with more sight

DSP easily integrates with Microsoft Sentinel (formerly Azure Sentinel) with powerful parsing and presentation capabilities. See, understand, and act on previously invisible but critical security information such as indicators of exposure or compromise. DSP’s deep AD auditing and analysis gives you the visibility you need to detect and respond to in-progress threats. The Directory Services Protector Solution for Microsoft Sentinel is available for free from the Azure marketplace.

  • Discover AD threats outside of the view of Microsoft Sentinel
  • Thwart bad actors’ attempts to hide their activities
  • Bring critical AD indicators of exposure and indicators of compromise to the forefront in Sentinel views
  • Simplify threat detection and response with out-of-the-box integration between Microsoft Sentinel and DSP

Sentinel is blind to many AD-based attacks

Virtually every cyberattack compromises Active Directory (AD) in some form, and the most sophisticated attacks—such as DCShadow attacks—bypass logs and occur beyond the scope of Microsoft Sentinel’s tracking and reporting capabilities. For AD-based attacks, the only unalterable data source is the AD replication stream, which is beyond Sentinel’s view. The AD replication stream is the only reliable method of catching every change (pre-attack and during an attack), no matter how attackers might attempt to cover their tracks.

Bring critical AD IOEs and IOCs data to Sentinel

But there is hope. Semperis Directory Services Protector (DSP) proactively monitors AD —including the elusive replication stream—looking for indicators of weakness. DSP discovers relevant indicators of exposure (IOEs) or indicator of compromises (IOCs), then parses that data and passes it to Microsoft Sentinel with meaningful context. The critical information rises to the top of the Sentinel’s data feed and cuts through the clutter, presenting relevant IOEs and IOCs in familiar Sentinel dashboards mapped to the security frameworks you rely on, including MITRE ATT&CK.

You can evaluate and mitigate these high-risk vulnerabilities as part of your holistic AD security program. Combining Microsoft Sentinel with Semperis DSP drastically reduces the burden on security analysts, dramatically improves visibility into malicious changes, and strengthens your cyber resilience.

Learn how to find indicators of exposure and stop attackers cold

Now's the Time to Rethink Active Directory Security

Do You Know Your AD Security Vulnerabilities?

“Great product for peace of mind when protecting your Active Directory.” 

—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company 

 See the full review on Gartner Peer Insights


Unlock cyber resilience. Request a Demo