Sep 11 2023 08:52 AM
I still use the old data connector, Threat Intelligence Platforms, and SecurityGraphAPI along with it to integrate MISP with Sentinel, and unfortunately there's a situation where not all indicators appear in Sentinel.
(I am planning to move soon to the Threat Intelligence Upload Indicators API (Preview), but for now the TIP connector should be set and working.)
Current setup:
Both of these virtual machines have cron to send IOCs periodically.
My checks so far:
1. Ensured that there are no filters set in the configuration file (config.py).
2. Ensured each event is set to Published.
3. Ensured that the 'to_ids' flag is set to True.
4. There's nothing particular in error.log.
Documentation: https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP
Any ideas and hints will be extremely helpful!
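An added example, not part of the original post and not code from the MISP sample: one way to audit checks 2 and 3 offline and narrow down which indicators pass them yet are still absent. It assumes events exported in MISP's event JSON format and a set of indicator values already visible in Sentinel (`seen_in_sentinel`, a hypothetical input you collect yourself); the sample data is constructed.

```python
import json

# Constructed sample in MISP's event JSON export shape (not real data).
SAMPLE_EXPORT = json.loads("""
[
  {"Event": {"id": "1", "published": true,
     "Attribute": [
       {"type": "domain", "value": "a.example", "to_ids": true},
       {"type": "comment", "value": "analyst note", "to_ids": false}],
     "Object": [
       {"Attribute": [{"type": "ip-dst", "value": "203.0.113.7", "to_ids": true}]}]}},
  {"Event": {"id": "2", "published": false,
     "Attribute": [{"type": "sha256", "value": "constructed-hash", "to_ids": true}]}}
]
""")


def iter_attributes(event):
    """Yield event-level attributes and attributes nested inside objects."""
    yield from event.get("Attribute", [])
    for obj in event.get("Object", []):
        yield from obj.get("Attribute", [])


def audit(export, seen_in_sentinel=frozenset()):
    """Split attributes into skipped (with reason) and eligible-but-missing."""
    skipped, missing = [], []
    for wrapper in export:
        event = wrapper.get("Event", wrapper)  # accept wrapped or bare events
        for attr in iter_attributes(event):
            row = (event["id"], attr["type"], attr["value"])
            if not event.get("published"):
                skipped.append(row + ("event not published",))
            elif not attr.get("to_ids"):
                skipped.append(row + ("to_ids is false",))
            elif attr["value"] not in seen_in_sentinel:
                missing.append(row)  # passes both checks, still absent
    return skipped, missing


if __name__ == "__main__":
    skipped, missing = audit(SAMPLE_EXPORT, seen_in_sentinel={"a.example"})
    for row in skipped:
        print("skipped:", *row)
    for row in missing:
        print("eligible but not in Sentinel:", *row)
```

Attributes nested inside MISP objects are easy to overlook when checking `to_ids` by hand, which is why the walk covers both levels.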