FireEye IOCs to Sentinel


Hi, has anyone tried to ingest FireEye threat intel to Sentinel? Currently I'm looking at either a Jupyter notebook (would need to get script's output to Graph) or possibly sending it to Minemeld first and then using their (Palo's) instructions to send IOCs to Graph. 

2 Replies
You can build a custom connector, either a function app or a logic app, calling the FireEye API to ingest the data as custom logs into the Sentinel workspace.
We don't use FireEye TI, but we do use the Minemeld -> MS Graph integration for other TI that Palo outline, and it works well.
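The reply above suggests a function app that calls the FireEye API and writes the results into the Sentinel workspace as custom logs. As an added example (not code from the thread or from FireEye), the block below shows the ingestion half of that: it validates and flattens feed indicators into a custom-log schema, then builds the signed request for the Azure Monitor HTTP Data Collector API that a function app would send. The indicator records, the `FireEyeIOC` table name, the workspace ID and the shared key are constructed placeholders; the indicator shape is a generic one, not the real FireEye API schema.

```python
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone

# Constructed sample indicators (generic shape, not the real FireEye API schema).
SAMPLE_INDICATORS = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 80, "first_seen": "2021-06-01T10:00:00Z"},
    {"type": "domain", "value": "bad.example", "confidence": 60, "first_seen": "2021-06-02T12:30:00Z"},
    {"type": "md5", "value": "not-a-hash", "confidence": 90, "first_seen": "2021-06-03T00:00:00Z"},
]

# Placeholders: a function app would read these from app settings or Key Vault.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_SHARED_KEY = base64.b64encode(b"placeholder-not-a-real-key").decode()
API_VERSION = "2016-04-01"

# Per-type syntax checks so a malformed feed record cannot land in the table.
VALIDATORS = {
    "ipv4": re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"),
    "domain": re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I),
    "md5": re.compile(r"^[0-9a-f]{32}$", re.I),
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
}
LOG_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,100}$")  # constraint on the Log-Type header


def normalize(indicators):
    """Flatten feed records into the custom-log schema; drop malformed ones."""
    records = []
    for ind in indicators:
        pattern = VALIDATORS.get(str(ind.get("type", "")).lower())
        if pattern is None or not pattern.match(str(ind.get("value", ""))):
            continue
        records.append({
            "IndicatorType": ind["type"].lower(),
            "IndicatorValue": ind["value"],
            "Confidence": int(ind.get("confidence", 0)),
            "FirstSeen": ind["first_seen"],
            "Source": "FireEye",
        })
    return records


def build_signature(workspace_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json", resource="/api/logs"):
    """SharedKey authorization value: HMAC-SHA256 over the canonical string, keyed with the decoded shared key."""
    string_to_sign = f"{method}\n{content_length}\n{content_type}\nx-ms-date:{rfc1123_date}\n{resource}"
    digest = hmac.new(base64.b64decode(shared_key), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id, shared_key, log_type, records, now=None):
    """Return url, headers and body for one post; the data appears in Sentinel as the <log_type>_CL table."""
    if not LOG_TYPE_RE.match(log_type):
        raise ValueError("Log-Type must be 1-100 letters, digits or underscores")
    body = json.dumps(records).encode("utf-8")
    now = now or datetime.now(timezone.utc)
    rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        "time-generated-field": "FirstSeen",  # use the indicator's own timestamp as TimeGenerated
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version={API_VERSION}"
    return {"url": url, "headers": headers, "body": body}


def post_records(request):
    """Send a prepared request; not called in the stand-alone run because it needs network and real credentials."""
    import urllib.request
    req = urllib.request.Request(request["url"], data=request["body"], headers=request["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status  # 200 means the records were accepted


if __name__ == "__main__":
    prepared = build_request(WORKSPACE_ID, PLACEHOLDER_SHARED_KEY, "FireEyeIOC", normalize(SAMPLE_INDICATORS))
    print(prepared["url"])
    print(json.dumps(prepared["headers"], indent=2))
    print(prepared["body"].decode())
```

The validation step matters because a threat-intel feed is untrusted input to your SIEM: a record with a broken hash or a non-IP in an IP field would otherwise sit in the `_CL` table and never match (or mismatch) in analytics rules. The shared key signs the date and content length, so the request cannot be replayed with a different body, and the `time-generated-field` header keeps the indicator's own first-seen time rather than the ingestion time.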