Forum Discussion
ameri1805 (Copper Contributor)
Feb 10, 2023
Threat intelligence indicators submit using graph - where is my indicator?
Folks,
I am testing this endpoint:
to upload TI indicators from a file.
I know that my request is working, as I am getting in return the object that's being POSTed (see sample attachment) as well as a 200 status.
My question is, why is my indicator not showing in the "ThreatIntelligenceIndicator" table in Sentinel, nor in the Threat intelligence blade with all the other TI that Microsoft uploads?
- mikhailf (Steel Contributor)
Hello ameri1805,
Check this playbook:
Azure-Sentinel/Playbooks/Get-AlienVault_OTX at master · Azure/Azure-Sentinel · GitHub
Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel - Microsoft Community Hub
There is a part where the indicators are ingested. There you can find the parameters of the request.
- ameri1805 (Copper Contributor)
Thanks. In my case, I already know what the parameters are, by looking at this:
https://learn.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http
I also know what the required fields are in the list of indicators I am sending in the "value" parameter. That's why I am getting in return the object attached to this question, which contains an ID as one of the properties. That's an ID generated by the endpoint, which means it's clearly working.
- ameri1805 (Copper Contributor)
Turns out this connector needs to be connected in order for me to see my TI objects in Sentinel.
Without this connector, the objects will never show in Sentinel.
Thanks Microsoft for being so clear in the documentation...... NOOOOT