Feb 05 2020 05:28 AM
Hi community,
i integrate Azure SEntinel in our test environment and i also want ot use TI feeds from MS Security Graph. I read a lot but i can´t found tangible instructions to activate the feeds.
i have done these steps,
1) Register an application in Azure Active Directory.
2) Configure permissions and be sure to add the ThreatIndicators.ReadWrite.OwnedBy permission to the application.
3) Ask your Azure AD tenant administrator to grant consent to the application.
How can i configure step 4 regarding Microsoft SEcurity Graph? Thanks a lot !
4) Configure your TIP or other integrated application to push indicators to Azure Sentinel by specifying the following:
a. The application ID and secret you received when registering the app (step 1 above). b. Set “Azure Sentinel” as the target. c. Set an action for each indicator - ‘alert’ is most relevant for Azure Sentinel use cases
May 12 2020 04:40 PM
DId you look into those guides and examples?
May 07 2022 02:13 PM
May 09 2022 02:37 AM