Microsoft Tech Community

FireEye IOCs to Sentinel


Hi, has anyone tried to ingest FireEye threat intel to Sentinel? Currently I'm looking at either a Jupyter notebook (would need to get the script's output to Graph) or possibly sending it to Minemeld first and then using their (Palo's) instructions to send IOCs to Graph.

You can build a custom connector, either a function app or a logic app, calling the FireEye API to ingest the data as custom logs into the Sentinel workspace.
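As an added illustration of the custom-connector route described in the reply above (not code from the thread or from Microsoft/FireEye), the function-app side boils down to mapping IOCs onto a flat record schema and signing a request for the Log Analytics HTTP Data Collector API with the workspace's shared key. The FireEye IOC records, the workspace id and the shared key below are constructed placeholders; the workspace id and key would come from the function app's settings, and the FireEye API call that produces the IOCs is assumed to happen before this step.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample IOCs in a FireEye-like shape (documentation-range values, not real indicators).
SAMPLE_IOCS = [
    {"type": "ipv4", "value": "198.51.100.23", "confidence": 80, "source": "fireeye"},
    {"type": "domain", "value": "malicious.example", "confidence": 60, "source": "fireeye"},
]

def to_custom_log_records(iocs):
    """Flatten IOCs into the schema of a custom table; Log Analytics adds type suffixes (_s, _d)."""
    return [
        {"IndicatorType": i["type"], "IndicatorValue": i["value"],
         "Confidence": i["confidence"], "Source": i["source"]}
        for i in iocs
    ]

def string_to_sign(content_length, date_rfc1123, method="POST",
                   content_type="application/json", resource="/api/logs"):
    """Canonical string the Data Collector API expects: method, length, type, x-ms-date, resource."""
    return f"{method}\n{content_length}\n{content_type}\nx-ms-date:{date_rfc1123}\n{resource}"

def build_authorization(workspace_id, shared_key_b64, content_length, date_rfc1123):
    """HMAC-SHA256 over the canonical string, keyed with the base64-decoded workspace shared key."""
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign(content_length, date_rfc1123).encode("utf-8"),
                      hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode('ascii')}"

def build_request(workspace_id, shared_key_b64, log_type, iocs, now=None):
    """Return (url, headers, body) ready for an HTTPS POST; body length is measured in bytes."""
    body = json.dumps(to_custom_log_records(iocs))
    when = now or datetime.now(timezone.utc)
    date_rfc1123 = when.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key_b64,
                                             len(body.encode("utf-8")), date_rfc1123),
        "Log-Type": log_type,          # becomes the <log_type>_CL table in the workspace
        "x-ms-date": date_rfc1123,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body
```

Once the records land in the custom table, a scheduled analytics rule or KQL join against the FireEye_CL table gives the same matching you would otherwise get from the Graph tiIndicators path.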
We don't use FireEye TI, but we do use the Minemeld -> MS Graph integration for other TI that Palo outlines, and it works well.