Microsoft Tech Community

Sentinel Taxii connector


Hi Everyone,

 

I was experimenting, trying to connect Sentinel to AlienVault OTX via the TAXII connector to see if it's worth looking into some extra feeds. Nothing I try seems to work. Has anyone had luck with the TAXII connector with AlienVault or other platforms?

 

The only information I can find for this particular feed are instructions on doing this with a logic app, such as this post -- https://techcommunity.microsoft.com/t5/microsoft-sentinel/alienvault-otx-taxii-feed/m-p/1877695

 

The Python cabby client has no issue grabbing data from this feed. Trying the below (with the correct username of course) results in an error:

 

TAXII connector already exists with the same API root URL and Collection ID or inputs are not valid.

 


2 Replies

@Bobbers I could consume the AlienVault OTX feed via the Threat Intelligence Platforms connector.
You may try that route.


@Bobbers The Alien Vault TAXII feed is 1.0 or 1.1. Sentinel only supports TAXII 2.0+

 

Another option is using a playbook to import the IOCs via API call.
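
The version mismatch described in the last reply can be checked before configuring the connector. The following is an added example, not part of the original thread: it classifies a TAXII discovery response by the media types and XML namespaces the TAXII 1.x and 2.x specifications define. The function names and the sample responses are constructed for illustration.

```python
import json
import re

# Root-element namespace of a TAXII 1.x XML message; group(1) is set for 1.1
_NS = re.compile(
    r"xmlns(?::\w+)?=[\"']http://taxii\.mitre\.org/messages/taxii_xml_binding-1(\.1)?[\"']"
)

def taxii_version(headers, body=""):
    """Classify a discovery response: '1.0', '1.1', '2.0', '2.1', '2.x' or None."""
    h = {k.lower(): v.lower().replace(" ", "") for k, v in headers.items()}
    ctype = h.get("content-type", "")
    # TAXII 2.x servers answer with a JSON media type
    if ctype.startswith("application/taxii+json"):
        return "2.1"
    if ctype.startswith("application/vnd.oasis.taxii+json"):
        return "2.0"
    # TAXII 1.x servers state the message binding in X-TAXII-Content-Type
    xct = h.get("x-taxii-content-type", "")
    if xct.startswith("urn:taxii.mitre.org:message:xml:"):
        return xct.rsplit(":", 1)[1]
    # Generic headers: inspect the body without parsing untrusted XML
    m = _NS.search(body)
    if m:
        return "1.1" if m.group(1) else "1.0"
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return "2.x" if isinstance(doc, dict) and "api_roots" in doc else None

def usable_with_sentinel_taxii_connector(version):
    # Per the reply above, the connector needs TAXII 2.0 or later
    return bool(version) and version.startswith("2")

# Constructed sample responses (not captured from any real server)
SAMPLES = {
    "taxii11": ({"Content-Type": "application/xml",
                 "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1"}, ""),
    "taxii21": ({"Content-Type": "application/taxii+json;version=2.1"}, ""),
    "xml_body": ({"Content-Type": "text/xml"},
                 '<t:Discovery_Response xmlns:t="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"/>'),
    "json_body": ({"Content-Type": "application/json"},
                  '{"title": "constructed", "api_roots": ["https://taxii.example.test/api1/"]}'),
}

if __name__ == "__main__":
    for name, (hdrs, body) in SAMPLES.items():
        v = taxii_version(hdrs, body)
        print(name, v, usable_with_sentinel_taxii_connector(v))
```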