Forum Discussion
MiteshAgrawal
Jan 30, 2020 · Brass Contributor
How to integrate custom threat intelligence feeds and populate them in lists in Azure Sentinel?
Hi Team, I am very new to Azure Sentinel and want to integrate custom threat intelligence from our company's website. If I download the TI feeds from our website and paste it somewhere on my ...
MiteshAgrawal
Feb 02, 2020 · Brass Contributor
Hi Gary,
How can I achieve my requirement without using BLOB storage? Can I do this from my local system? Or by pasting the feeds manually in a list?
thomasdefise
Feb 03, 2020 · Brass Contributor
MiteshAgrawal You can also ingest feeds through the Microsoft Graph API, using the tiIndicator.
https://docs.microsoft.com/en-us/graph/api/resources/tiindicator?view=graph-rest-beta
There has been a PoC here: https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-alien-vault-otx-threat-indicators-into-azure-sentinel/ba-p/1086566
-> Make sure to give the correct rights to your app registration to interact with the Threat Intelligence IoC table (something like "ThreatIndicators.ReadWrite.OwnedBy", to be verified).
If it's a publicly available feed such as AlienVault, dnsbl.info, ... I would be more than welcome to contribute during my free time in order to help the community.
Thomas
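A sketch of the Graph API route mentioned in the reply above, as an added example that is not part of the thread or of Microsoft's PoC: it converts a locally downloaded feed into tiIndicator objects and the JSON body for the bulk submitTiIndicators action. The one-indicator-per-line feed format, the function names, and the default `action`, `threatType`, `tlpLevel` and `confidence` values are assumptions to adjust for your own feed.

```python
import ipaddress, json, re
from datetime import datetime, timedelta, timezone

# Bulk endpoint (Graph beta); POST the body with a token holding ThreatIndicators.ReadWrite.OwnedBy.
GRAPH_BULK_URL = "https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators"
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def classify(value):
    """Return the tiIndicator observable properties for one feed entry, or None."""
    try:
        ip = ipaddress.ip_address(value)
        return {"networkIPv4" if ip.version == 4 else "networkIPv6": str(ip)}
    except ValueError:
        pass
    if len(value) in HASH_TYPES and re.fullmatch(r"[0-9a-fA-F]+", value):
        return {"fileHashType": HASH_TYPES[len(value)], "fileHashValue": value.lower()}
    if value.lower().startswith(("http://", "https://")):
        return {"url": value}
    if DOMAIN_RE.match(value):
        return {"domainName": value.lower()}
    return None

def build_indicators(feed_text, source, days_valid=30, now=None):
    """Turn a one-indicator-per-line feed into tiIndicator objects plus rejects."""
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=days_valid)).strftime("%Y-%m-%dT%H:%M:%SZ")
    indicators, rejected, seen = [], [], set()
    for line in feed_text.splitlines():
        value = line.strip()
        if not value or value.startswith("#") or value in seen:
            continue  # blank line, comment, or duplicate entry
        seen.add(value)
        observable = classify(value)
        if observable is None:
            rejected.append(value)  # report it; never submit unparsed text
            continue
        indicators.append({
            "action": "alert", "targetProduct": "Azure Sentinel",  # assumed defaults
            "threatType": "WatchList", "tlpLevel": "amber", "confidence": 50,
            "description": f"Imported from {source}",
            "expirationDateTime": expires, **observable})
    return indicators, rejected

def bulk_request_body(indicators):
    return json.dumps({"value": indicators})  # submitTiIndicators expects a 'value' array

# Constructed sample feed (documentation addresses and made-up names).
SAMPLE_FEED = "# demo feed\n203.0.113.7\n2001:db8::1\nbad.example\n" \
    "https://bad.example/login\n" + "a" * 64 + "\n203.0.113.7\nnot an indicator\n"
```

Review the rejected list before each upload: entries the classifier cannot place are held back rather than sent to the workspace.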