Do any of you know, of any FREE STIX/TAXII threat intelligence feeds that can connect to Microsoft Sentinel? I ideally need them in CSV or JSON format, which can be uploaded through the Threat Intelligence page and MAP to the ThreatIntelligenceIndicator table for querying.

Why would you need the CSV if they are coming from a TAXII server? Microsoft Sentinel has the capability to ingest data from TAXII servers and send it directly to the ThreatIntelligenceIndicator table.

RE: Free Threat Intelligent Feeds | Microsoft Community Hub

cyb3rmik3
Iron Contributor
Jan 30, 2023
Hello JMSHW0420 ,

You may want to have a look at MISP (MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing (misp-project.org)) It leverages the both STIX and TAXII standards and you can feed it with many free TI sources, while cultivating the development of your own IoCs.

There are several guides to integrate MISP with Sentinel, I found this more helpful: Integrating open source threat feeds with MISP and Sentinel - Microsoft Community Hub.

Hope this helps.
- GBushey
  Microsoft
  Jan 31, 2023
  Why would you need the CSV if they are coming from a TAXII server? Microsoft Sentinel has the capability to ingest data from TAXII servers and send it directly to the ThreatIntelligenceIndicator table.
  - JMSHW0420
    Iron Contributor
    Feb 01, 2023
    Hi GBushey.
    
    Thanks for the reply. I have been able to do exactly that with the Pulse Dive integration service and the Threat Intelligence - TAXII Data Connector.
mikhailf
Steel Contributor
Jan 29, 2023
Hello JMSHW0420,

I am not familiar with free STIX/TAXII, but you can download csv from Alien Vault.
- JMSHW0420
  Iron Contributor
  Jan 29, 2023
  Hi mikhailf,
  
  With Pulse Dive (if you sign up them) there is access to free 'test' data through a Collection ID.
  
  It then can be mapped in Threat Intelligence - TAXII Data Connector.

Forum Discussion

RE: Free Threat Intelligent Feeds

Share

Resources