Jan 27 2023 09:58 AM
Do any of you know of any FREE STIX/TAXII threat intelligence feeds that can connect to Microsoft Sentinel?
I ideally need them in CSV or JSON format, which can be uploaded through the Threat Intelligence page and MAP to the ThreatIntelligenceIndicator table for querying.
Jan 29 2023 05:26 AM - edited Jan 29 2023 05:28 AM
Hello @JMSHW0420,
I am not familiar with free STIX/TAXII, but you can download a CSV from Alien Vault.
Jan 30 2023 12:43 AM
Hello @JMSHW0420,
You may want to have a look at MISP (MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing (m...). It leverages both the STIX and TAXII standards, and you can feed it with many free TI sources while cultivating the development of your own IoCs.
There are several guides to integrating MISP with Sentinel; I found this one more helpful: Integrating open source threat feeds with MISP and Sentinel - Microsoft Community Hub.
Hope this helps.