RE: Free Threat Intelligent Feeds

Do any of you know of any FREE STIX/TAXII threat intelligence feeds that can connect to Microsoft Sentinel?

I ideally need them in CSV or JSON format, which can be uploaded through the Threat Intelligence page and mapped to the ThreatIntelligenceIndicator table for querying.

Hello @JMSHW0420,

I am not familiar with free STIX/TAXII, but you can download CSV from AlienVault.

Hi @mikhailf,

With Pulsedive (if you sign up with them) there is access to free 'test' data through a Collection ID.

It can then be mapped in the Threat Intelligence - TAXII Data Connector.

Hello @JMSHW0420,

You may want to have a look at MISP (MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing (m...). It leverages both the STIX and TAXII standards, and you can feed it with many free TI sources while cultivating the development of your own IoCs.

There are several guides to integrating MISP with Sentinel; I found this one more helpful: Integrating open source threat feeds with MISP and Sentinel - Microsoft Community Hub.

Hope this helps.

best response confirmed by JMSHW0420 (Brass Contributor)
Solution
Why would you need the CSV if they are coming from a TAXII server? Microsoft Sentinel has the capability to ingest data from TAXII servers and send it directly to the ThreatIntelligenceIndicator table.

Hi @GBushey.

Thanks for the reply. I have been able to do exactly that with the Pulsedive integration service and the Threat Intelligence - TAXII Data Connector.