Choosing Threat Intelligence Sources

Is anyone aware of a thorough comparison of the TI feed options that can be used by Sentinel? I'm interested in learning more about when to use the various TAXII and TIP providers. Some technical or risk-based guidance to help make these decisions would be useful.

2 Replies
OSInt threat feeds are like automobile manufacturers. People have different allegiances to specific vendors for various reasons, and some of those include non-tangible/non-empirical reasons. I don't think there is a matrix or rating of the quality of the different OSInt threat feeds which exist.

Personally, when setting up Sentinel for customers I have a cookbook that integrates many of the basic feeds from Anomali via TAXII to a Sentinel instance.
Thanks, I have been doing the same thing, but I would like to get more knowledgeable about the various feeds so that I can provide the most appropriate recommendation to different clients. This sounds like it could be a good project for my summer intern to dig into :)