Forum Discussion
mujju016
Feb 13, 2023 Copper Contributor
Threat intelligence TAXII
I am trying to add the Threat intelligence - TAXII connector in Sentinel. Upon entering the asked details such as mentioned below: Friendly Name: TAXIIFeeds API: https://limo.anomali.com/api/v1/tax...
mujju016
Feb 13, 2023 Copper Contributor
I am using the same as per mentioned by Microsoft.
Is there any other way for this? please guide.
mikhailf
Feb 13, 2023 Iron Contributor
Where do you see that Limo was mentioned by Microsoft?
This service stopped providing free indicators. I think because of that you have an issue.
- mujju016
Feb 13, 2023 Copper Contributor
I saw a YouTube video from the Microsoft Security channel. The link is: https://www.youtube.com/watch?v=3nCDOJ9D2Q8
Aside, can you pls share your insights on how to integrate the Threat intelligence - TAXII into Azure Sentinel?
This would be of great help!
- mikhailf
Feb 13, 2023 Iron Contributor
There are also 2 options to ingest TI from Alien Vault:
1. Using Logic App:
Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel - Microsoft Community Hub
Azure-Sentinel/Playbooks/Get-AlienVault_OTX at master · Azure/Azure-Sentinel · GitHub
2. Using TAXII:
You need to create an account on Alien Vault, generate an API key, and then connect Alien Vault TAXII.
- Rod_Trent
Feb 13, 2023 Microsoft
Anomali shut down the feeds last August: https://azurecloudai.blog/2022/08/12/anomali-limo-feeds-for-microsoft-sentinel-to-expire/
Here's an alternative: https://github.com/Cyberlorians/Articles/blob/main/MISPTISetup.md