Endace Integrates with Microsoft Sentinel for Deep Network Visibility
AUCKLAND, New Zealand and AUSTIN, Texas – April 21, 2025 – Packet capture authority Endace today announced an integration between EndaceProbe and Microsoft Sentinel, a next-generation cloud security information and event management (SIEM) solution. The integration provides NetOps and SecOps teams with one-click access to definitive, full packet evidence from within Microsoft Sentinel to streamline investigations. Access to Endace’s Always-On packet capture enables accurate event reconstruction and helps security teams to investigate and respond to threats more quickly, with absolute confidence.
Benefits of the integration include:
- Streamlined investigation workflows, alerts, and playbooks from Microsoft Sentinel, with one-click, drill-down access to definitive, full packet evidence captured by EndaceProbe.
- Continuously capture weeks or months of full packet data, across Hybrid, On-Prem, and Multi-Cloud environments.
- Single central console for searching and analyzing recorded packet data across global scale networks, integrated with Microsoft Sentinel.
- Deep visibility that shows exactly what happened before, during, and after every event.
- Zero-Day Threat (ZDT) risk validation using playback of recorded network traffic.
- Combining EndaceProbe’s centralized search with Microsoft Sentinel’s AI-powered SIEM enables faster, more efficient incident investigation and resolution.
- Military-grade Security: EndaceProbe appliances are FIPS 140-3 compliant and are listed on the DoDIN APL.
Read the solution brief and watch the demo here: https://www.endace.com/microsoft-sentinel
“Deep visibility into network activity is essential when responding to serious cybersecurity events, service outages, or performance issues. One-click access to EndaceProbe’s recorded packet data directly from Microsoft Sentinel shows incident responders exactly what happened before, during, and after any serious event,” said Cary Wright, VP Product at Endace.
“Microsoft Sentinel’s built-in machine learning reduces noise and uncovers sophisticated threats while EndaceProbes provide a complete, packet-level record of network history. Integrating these two solutions gives SecOps teams easy access to definitive evidence required to triage the most serious threats on the network.”
Next week, Endace will be demonstrating EndaceProbe and EndaceProbe Cloud at RSAC™ 2025 in booth N-5176, and Endace is securing RSAC™ by equipping and operating the SoC @ RSAC™. For more information about Endace at RSAC™, visit https://www2.endace.com/rsa-2025-resources-lp.