Jun 12 2019 09:50 PM
Has anyone been able to get the ThreatIntelligenceIndicator to work?
Jun 13 2019 06:26 PM
Jun 16 2019 03:07 AM
Here is the info. Thanks @Sarah Fender who runs the Graph Security API for the info:
Azure Sentinel enables you to correlate and analyze your threat intelligence to create custom alerts on malicious activity, power hunting queries, and create dashboards to monitor threat activity levels. This can include indicators generated through your internal threat intelligence gathering or acquired from threat intelligence communities, licensed feeds, and other sources.
Start by connecting your threat intelligence sources to Azure Sentinel in one of two ways:
Then simply configure the Threat Intelligence data connector in Azure Sentinel to begin ingesting this data. To use the data, review the sample queries available on the Azure Sentinel Threat Intelligence connector page.
~ Ofer
Jun 16 2019 08:08 PM - edited Jun 17 2019 03:28 PM
Thanks @Ofer_Shezaf & @Sarah Fender
I could be wrong, but from what I can see "Threat Connect" doesn't actually list Sentinel or Azure under the integrations? https://threatconnect.com/integrations/
It does look very interesting and a great way to start - does this need to be connected via the API somehow? https://docs.threatconnect.com/en/latest/rest_api/rest_api.html
Aug 27 2019 12:55 PM
@David Caddick The Azure Sentinel + ThreatConnect integration is powered by the Microsoft Graph Security API. If you expand the Microsoft Graph Security API listing you'll see Azure Sentinel is called out there.
Mar 31 2020 08:21 AM
Is there any ETA about when the "Threat Intelligence Platforms" Azure Sentinel data connector and the Microsoft Graph Security tiIndicators API will become GA?
Apr 13 2020 04:36 AM
We intend to bring both of these to GA this year. Be assured that the schema will not be breaking. We may add properties, but will not be deprecating any properties or changing enums so any code you write against the API today will continue to work as we move to GA. We are also supporting the existing /beta endpoint at production level of support as we are with the Threat Intelligence - Platforms data connector in Azure Sentinel.
~ Ofer
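The two posts above describe the route an indicator takes: a TIP or custom script writes it to the Microsoft Graph Security API tiIndicators endpoint (still /beta, with the non-breaking-schema promise Ofer gives), and the Threat Intelligence - Platforms connector pulls it into the ThreatIntelligenceIndicator table the thread opened with. The following is an added worked example, not code from the thread, from Microsoft or from ThreatConnect: a small Python client that builds an indicator targeted at Azure Sentinel, validates it locally against the beta schema's enumerations before spending an API call, and POSTs it to https://graph.microsoft.com/beta/security/tiIndicators. The property names, enum values and the ThreatIndicators.ReadWrite.OwnedBy permission are my recollection of the beta reference and should be treated as assumptions to check against the current docs; the IP address, description and `offline_opener` are constructed so the script runs with no tenant and no network access.

```python
"""Build and submit a tiIndicator to Azure Sentinel via the Microsoft Graph
Security API (beta). Added example for this thread, not Microsoft's or any
poster's code. Property and enum names follow the beta tiIndicator schema as
recalled from the reference docs; treat them as assumptions to verify."""
import io
import json
import urllib.request
from datetime import datetime, timedelta, timezone

GRAPH_TI_URL = "https://graph.microsoft.com/beta/security/tiIndicators"

# Enumerations from the beta schema (assumed). The thread states these enums
# will not change on the way to GA, so validating against them locally is safe.
ACTIONS = {"alert", "block", "allow"}
TLP_LEVELS = {"white", "green", "amber", "red"}
THREAT_TYPES = {"Botnet", "C2", "CryptoMining", "Darknet", "DDoS", "MaliciousUrl",
                "Malware", "Phishing", "Proxy", "PUA", "WatchList"}
HASH_TYPES = {"sha1", "sha256", "md5"}
# Observable properties; an indicator must carry at least one of them.
OBSERVABLES = {"networkDestinationIPv4", "networkSourceIPv4", "networkIPv4",
               "domainName", "url", "fileHashValue", "emailSenderAddress"}
REQUIRED = ("action", "description", "expirationDateTime", "targetProduct",
            "threatType", "tlpLevel")


def indicator_errors(payload):
    """Return the problems the API would reject this payload for ([] means ok)."""
    errors = [f"missing {k}" for k in REQUIRED if k not in payload]
    for key, allowed in (("action", ACTIONS), ("threatType", THREAT_TYPES),
                         ("tlpLevel", TLP_LEVELS)):
        if key in payload and payload[key] not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}")
    if not OBSERVABLES & payload.keys():
        errors.append("no observable (IP, domain, URL, hash or sender) set")
    if "fileHashValue" in payload and payload.get("fileHashType") not in HASH_TYPES:
        errors.append("fileHashValue needs fileHashType")
    return errors


def build_indicator(observable, value, threat_type, action="alert", description="",
                    tlp="amber", ttl_days=30, file_hash_type=None, now=None):
    """Assemble a Sentinel-targeted indicator. `now` is injectable so the expiry
    is deterministic; the API expects an ISO-8601 UTC timestamp."""
    now = now or datetime.now(timezone.utc)
    payload = {
        "action": action,
        "description": description,
        "expirationDateTime": (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "targetProduct": "Azure Sentinel",  # routes it to ThreatIntelligenceIndicator
        "threatType": threat_type,
        "tlpLevel": tlp,
        observable: value,
    }
    if file_hash_type:
        payload["fileHashType"] = file_hash_type
    errors = indicator_errors(payload)
    if errors:
        raise ValueError("; ".join(errors))
    return payload


def submit_indicator(payload, access_token, opener=urllib.request.urlopen):
    """POST one indicator. The bearer token is an Azure AD app token granted
    ThreatIndicators.ReadWrite.OwnedBy (assumed permission name); `opener` is
    injectable so the call can be exercised offline."""
    req = urllib.request.Request(
        GRAPH_TI_URL, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        return json.load(resp)


def offline_opener(req):
    """Constructed stand-in for urlopen: checks the request shape and echoes the
    kind of JSON the API returns, without touching the network."""
    if req.full_url != GRAPH_TI_URL or req.get_method() != "POST":
        raise ValueError("unexpected request")
    if not req.get_header("Authorization", "").startswith("Bearer "):
        raise ValueError("missing bearer token")
    body = json.loads(req.data)
    body["id"] = "constructed-id-0001"  # the real API assigns the id
    return io.BytesIO(json.dumps(body).encode("utf-8"))


if __name__ == "__main__":
    ioc = build_indicator("networkDestinationIPv4", "203.0.113.5", "C2", action="block",
                          description="constructed example: C2 beacon host", tlp="amber")
    print(json.dumps(submit_indicator(ioc, "placeholder-token", opener=offline_opener), indent=2))
```

Swap `offline_opener` for the default `urllib.request.urlopen` and a real token to submit for real. Keep using the same app registration for later updates or deletes: with the OwnedBy permission an app can only touch indicators it created. Once the connector has ingested it, the indicator shows up in ThreatIntelligenceIndicator and can be joined against your log tables in the sample queries on the connector page.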