Forum Discussion
How to integrate custom threat intelligence feeds and populate them in lists in Azure Sentinel?
MiteshAgrawal Have you looked through the following yet?
- MiteshAgrawal, Jan 30, 2020, Brass Contributor
Hi Rod_Trent,
Thanks for your quick reply.
The link you shared is really helpful. Will try to integrate our TI feeds with Sentinel with the help of the steps provided in the link.
Also, how can I create a list and manually upload the IOCs if that is what my requirement is? Do we have some steps for that? In KQL, with makelist we can create a list and populate it with data from the previous results. Can we do something similar and manually upload the IOCs?
Thanks in advance.
Regards,
Mitesh Agrawal
- GaryBushey, Jan 31, 2020, Bronze Contributor
MiteshAgrawal For this part, look at https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel-part-1-reference-files/ba-p/1091306 on how to use Azure Blob storage as an external source for KQL queries.
- MiteshAgrawal, Feb 02, 2020, Brass Contributor
Hi Gary,
How can I achieve my requirement without using BLOB storage? Can I do this from my local system? Or by pasting the feeds manually in a list?