New Blog Post | Import Pulsedive Feed into Microsoft Sentinel

Import Pulsedive Feed into Microsoft Sentinel - Microsoft Tech Community

Microsoft Sentinel is a cloud-native SIEM that offers various options to import threat intelligence data and use it for hunting, investigation, analytics, etc. Some of the ways to import rich threat intelligence data into Microsoft Sentinel include the Threat Intelligence - TAXII data connector, the Threat Intelligence Platforms (TIP) connector and import of indicators through a flat file.

Microsoft Sentinel was one of the early adopters of STIX/TAXII as the preferred way to import threat intelligence data. The Microsoft Sentinel “Threat Intelligence - TAXII” connector uses the TAXII protocol for sharing data in STIX format. This data connector supports pulling data from TAXII 2.0 and 2.1 servers. The Threat Intelligence - TAXII data connector is essentially a built-in TAXII client in Microsoft Sentinel to import threat intelligence from TAXII 2.x servers.

 
