Jun 21 2022 01:32 PM
Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly – generated daily at 11PM UTC – so you can be sure that the most current indicators will be available.
The feeds are available from here: https://cda.ms/2mc
The feeds are provided as links to .txt files, so you can use the KQL externaldata operator to pull them into your queries in real time.
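
As an added example (not from the original post), the query below shows one way to match an IP feed against firewall logs with externaldata. The feed URL is a placeholder to be replaced with one of the .txt links from the feeds page. The one-indicator-per-line layout with "#" comment lines, and the choice of the CommonSecurityLog table, are assumptions.

```kql
// Added example. Replace the placeholder URL with an IP feed link from the feeds page.
let lookback = 1d;
let ThreatviewIPs = materialize(
    externaldata(Line: string)
    [@"https://<threatview-ip-feed-url>.txt"]    // placeholder, not a real feed path
    with (format="txt")
    | extend Indicator = trim(@"\s+", Line)
    // Assumption: the feed has one indicator per line and "#" marks comment lines.
    | where isnotempty(Indicator) and Indicator !startswith "#"
    // Keep only values shaped like IPv4 addresses so stray text never reaches the join.
    | where Indicator matches regex @"^(\d{1,3}\.){3}\d{1,3}$"
    | distinct Indicator
);
// Assumption: outbound connections are logged to CommonSecurityLog (CEF firewall/proxy data).
ThreatviewIPs
| join kind=inner (
    CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where isnotempty(DestinationIP)
  ) on $left.Indicator == $right.DestinationIP
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by DestinationIP, SourceIP, DeviceVendor, DeviceProduct
| order by Hits desc
```

Because externaldata fetches the file each time the query runs, an unreachable feed URL makes the query fail rather than return zero matches, which matters if the query is scheduled as an analytics rule.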