Prerequisites
Before setting up Orchestrator in an Azure Active Directory environment, you must ensure the following:
Details of your users are stored in Azure AD.
There is visibility of the identifier for the user in the SafeTitan portal, which is typically the user's email address.
Configuration for granting access to the SafeTitan portal is detailed in the section Configure SafeTitan Portal.
The Real-Time Response process must integrate with Security Information and Event Management (SIEM) technology. Currently, the supported applications are:
SPLUNK
LogRhythm
Logpoint
MS Sentinel
DTEX Agents
For additional details on these applications, see Real-Time SIEM Integration.