Forum Discussion
Threat Intelligence - MS Security Graph
Hi community,
I am integrating Azure Sentinel in our test environment and I also want to use TI feeds from MS Security Graph. I read a lot but I can't find tangible instructions to activate the feeds.
I have done these steps:
1) https://docs.microsoft.com/en-us/graph/auth-v2-service#1-register-your-app in Azure Active Directory.
2) https://docs.microsoft.com/en-us/graph/auth-v2-service#2-configure-permissions-for-microsoft-graph and be sure to add the ThreatIndicators.ReadWrite.OwnedBy permission to the application.
3) Ask your Azure AD tenant administrator to https://docs.microsoft.com/en-us/graph/auth-v2-service#3-get-administrator-consent to the application.
How can I configure step 4 regarding Microsoft Security Graph? Thanks a lot!
4) Configure your TIP or other integrated application to push indicators to Azure Sentinel by specifying the following:
a. The application ID and secret you received when registering the app (step 1 above).
b. Set “Azure Sentinel” as the target.
c. Set an action for each indicator - ‘alert’ is most relevant for Azure Sentinel use cases
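Added example (not part of the original thread or of Microsoft's documentation): what step 4 amounts to when the pushing application is a small Python script rather than a TIP. It assumes the Microsoft Graph Security tiIndicators beta endpoint; the function names, the domain and the description are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib import parse, request

# Assumed endpoint: Microsoft Graph Security tiIndicators (beta).
GRAPH_TI_URL = "https://graph.microsoft.com/beta/security/tiIndicators"
ACTIONS = {"unknown", "allow", "block", "alert"}

def token_request(tenant_id, app_id, secret):
    """Step 4a: client-credentials token request for the registered app."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": app_id,
            "client_secret": secret,  # load from a vault or env var, never hard-code
            "scope": "https://graph.microsoft.com/.default"}
    return request.Request(url, data=parse.urlencode(form).encode(), method="POST")

def build_indicator(domain, description, action="alert", days_valid=30):
    """Steps 4b and 4c: target Azure Sentinel and set an action per indicator."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    expires = datetime.now(timezone.utc) + timedelta(days=days_valid)
    return {
        "targetProduct": "Azure Sentinel",
        "action": action,
        "description": description,
        "domainName": domain,            # at least one observable is required
        "threatType": "WatchList",
        "tlpLevel": "amber",
        "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
    }

def indicator_request(access_token, indicator):
    """POST carrying the bearer token obtained with the app ID and secret."""
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    return request.Request(GRAPH_TI_URL, data=json.dumps(indicator).encode(),
                           headers=headers, method="POST")

def push(tenant_id, app_id, secret, indicator):
    """Performs both calls; needs network access and the consent from step 3."""
    with request.urlopen(token_request(tenant_id, app_id, secret)) as resp:
        token = json.load(resp)["access_token"]
    with request.urlopen(indicator_request(token, indicator)) as resp:
        return json.load(resp)["id"]

if __name__ == "__main__":
    # Constructed sample indicator; printing it makes no network call.
    print(json.dumps(build_indicator("bad.example", "Constructed sample"), indent=2))
```

Indicators pushed with the ThreatIndicators.ReadWrite.OwnedBy permission remain readable and writable only by the application that created them.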
3 Replies
- Dean_Gross
Silver Contributor
It's been 2 years and the instructions have not gotten any better. Asking us to go watch another video is not a great experience. The instructions are making some assumptions about our level of knowledge about TI platforms which is minimal for many new users of Sentinel.
- mikhailf
Steel Contributor
Hello Dean,
Today there is an integration with Alien Vault TIP using Logic App.
You can find its template with a pretty good explanation here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ingesting-alien-vault-otx-threat-indicators-into-azure-sentinel/ba-p/1086566
- Ofer_Shezaf
Microsoft
Did you look into those guides and examples?
- Webinar: YouTube, MP4, Presentation
- "bring your threat intelligence to Azure Sentinel."
- "Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel"