Forum Discussion

David Caddick's avatar
David Caddick
Iron Contributor
Jun 13, 2019

Sentinel & ThreatIntelligenceIndicator

Has anyone been able to get the ThreatIntelligenceIndicator to work?

  • AdiGrio's avatar
    AdiGrio
    Brass Contributor
    I was able to bring in IoCs via Palo Alto MineMeld but I'm still trying to find a way to use it. For now I bring my own threat intel feeds as custom logs.
  • David Caddick 

     

    Here is the info. Thanks Sarah Fender who runs the Graph Security API for the info:

     

    Azure Sentinel enables you to correlate and analyze your threat intelligence to create custom alerts on malicious activity, power hunting queries, and create dashboards to monitor threat activity levels. This can include indicators generated through your internal threat intelligence gathering or acquired from threat intelligence communities, licensed feeds, and other sources.

     

    Start by connecting your threat intelligence sources to Azure Sentinel in one of two ways:

    1. If you use one of the threat intelligence platforms below, native integrate with the Microsoft Graph Security API is available:   
    1. You can also integrate your threat intelligence applications and feeds directly using the Microsoft Graph Security API tiIndicator entity.

     

    Then simply configure the Threat Intelligence data connector in Azure Sentinel to begin ingesting this data. To use the data, review the sample queries available on the Azure Sentinel Threat Intelligence connector page.

     

    ~ Ofer

Resources