Architecture for Threat Intelligence connectors

%3CLINGO-SUB%20id%3D%22lingo-sub-2419089%22%20slang%3D%22en-US%22%3EArchitecture%20for%20Threat%20Intelligence%20connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2419089%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20many%20Sentinel%20instances%20in%20our%20company%20(for%20monitoring%20our%20CSP%20tenants)%20that%20are%20monitored%20by%20Lighthouse.%20Should%20we%20setup%20MISP%20with%20a%20TI%20connector%20in%20each%20instance%20or%20just%20do%20this%20in%20one%20of%20our%20primary%20tenants%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2421568%22%20slang%3D%22en-US%22%3ERe%3A%20Architecture%20for%20Threat%20Intelligence%20connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2421568%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3BI%20would%20think%20you%20would%20want%20it%20activated%20in%20each%20tenant.%26nbsp%3B%20If%20you%20just%20enable%20it%20in%20the%20primary%20tenant%2C%20it%20would%20not%20be%20able%20to%20trickle%20down%20into%20the%20others%20without%20some%20work.%26nbsp%3B%20Not%20sure%20if%20each%20tenant%20can%20point%20to%20the%20same%20MISP%20server%20but%20that%20may%20be%20an%20option%3C%2FP%3E%3C%2FLINGO-BODY%3E
Respected Contributor

We have many Sentinel instances in our company (for monitoring our CSP tenants) that are monitored by Lighthouse. Should we setup MISP with a TI connector in each instance or just do this in one of our primary tenants?

1 Reply

@Dean Gross I would think you would want it activated in each tenant.  If you just enable it in the primary tenant, it would not be able to trickle down into the others without some work.  Not sure if each tenant can point to the same MISP server but that may be an option