
New Blog Post | Bring Threat Intelligence from Kaspersky using TAXII data connector



Bring Threat Intelligence from Kaspersky using TAXII data connector - Microsoft Tech Community

 

Microsoft Sentinel is a cloud-native SIEM and SOAR solution that allows you to detect and hunt for actionable threats. It offers several ways to import threat intelligence data and use it across the product, including hunting, investigation, analytics, and workbooks.

One way to bring threat intelligence data into Microsoft Sentinel is the Threat Intelligence – TAXII data connector. This data connector uses the TAXII protocol to share data in STIX format, one of the most widely adopted standards for sharing threat intelligence across the industry. It supports pulling data from TAXII 2.0 and 2.1 servers. The connector is essentially a built-in TAXII client in Microsoft Sentinel that imports threat intelligence from TAXII 2.x servers.
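As an added example (not code from the blog post or from Microsoft Sentinel), the following shows what a TAXII 2.x client has to handle on the response side: a TAXII 2.0 collection returns a STIX bundle, while a TAXII 2.1 collection returns a paged envelope with `more` and `next`. The sample objects, their simplified ids, and the `fetch` callable standing in for the HTTP request are constructed for illustration; skipping revoked and expired indicators is this example's own choice, not a statement of what the connector does.

```python
from datetime import datetime, timezone

# Constructed sample responses (not real feed data; ids are simplified).
# TAXII 2.1 returns an envelope; "more"/"next" drive pagination.
PAGES_21 = {
    None: {"more": True, "next": "p2", "objects": [
        {"type": "indicator", "id": "indicator--example-1",
         "pattern": "[domain-name:value = 'bad.example']"},
        {"type": "identity", "id": "identity--example-2", "name": "Example feed"}]},
    "p2": {"more": False, "objects": [
        {"type": "indicator", "id": "indicator--example-3",
         "pattern": "[ipv4-addr:value = '192.0.2.10']",
         "valid_until": "2023-06-01T00:00:00Z"}]},
}
# TAXII 2.0 returns a STIX bundle instead of an envelope.
BUNDLE_20 = {"type": "bundle", "id": "bundle--example-4", "objects": [
    {"type": "indicator", "id": "indicator--example-5", "revoked": True,
     "pattern": "[url:value = 'http://bad.example/x']"}]}

def _ts(value):
    """Parse a STIX timestamp (RFC 3339 with a 'Z' suffix)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def active_indicators(body, now):
    """Yield (id, pattern) for usable indicators in a bundle or envelope."""
    for obj in body.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        until = obj.get("valid_until")
        if until and _ts(until) <= now:
            continue  # expired: do not match on stale intelligence
        yield obj["id"], obj["pattern"]

def drain(fetch, now):
    """Follow TAXII 2.1 pagination until the server reports no more pages."""
    found, cursor, seen = [], None, set()
    while True:
        page = fetch(cursor)
        found.extend(active_indicators(page, now))
        cursor = page.get("next")
        if not page.get("more") or cursor is None or cursor in seen:
            return found  # last page, or a repeated cursor (loop guard)
        seen.add(cursor)

NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)  # fixed clock for the sample
RESULT_21 = drain(PAGES_21.get, NOW)
RESULT_20 = list(active_indicators(BUNDLE_20, NOW))
```

Of the three sample indicators only the first survives: the second is past its `valid_until` and the third is revoked.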
