Forum Discussion
hg_sentinel
Jul 07, 2021 (Copper Contributor)
FireEye IOCs to Sentinel
Hi, has anyone tried to ingest FireEye threat intel to Sentinel? Currently I'm looking at either a Jupyter notebook (would need to get the script's output to Graph) or possibly sending it to MineMeld first and then using their (Palo's) instructions to send IOCs to Graph.
2 Replies
- m_zorich (Iron Contributor): We don't use FireEye TI, but we do use the MineMeld -> MS Graph integration for other TI that Palo outline, and it works well.
- PrashTechTalk (Brass Contributor): You can build a custom connector, either a function app or a logic app, calling the FireEye API to ingest as custom logs into the Sentinel workspace.