Forum Discussion

MiteshAgrawal's avatar
MiteshAgrawal
Brass Contributor
Jan 30, 2020

How to integrate custom threat intelligence feeds and populate them in lists in Azure Sentinel?

Hi Team,

 

I am very new to Azure Sentinel and want to integrate custom threat intelligence from our company's website.

 

If I download the TI feeds from our website and paste it somewhere on my local machine, then how can I update those feeds in Active lists (or similar in Sentinel) and call them against rules.

 

Also if this can be automatically done, I mean in ArcSight the connector reads IOCs from excel and sends it to ESM and adds the IOCs in Active lists, can the same be done in Azure Sentinel or something similar?

 

Thanks in Advance.


Regards,

Mitesh Agrawal

Resources