User Profile
nieshkuh
Copper Contributor
Joined Sep 11, 2023
Recent Discussions
Re: Missing indicators in Sentinel (Threat Intelligence Platforms)
Thank you for the reply. I'm aware it takes care of duplicates, but that's not it in this case. The datasets are completely different; I even checked the IOCs just to make sure. :v The IOCs that I want are being sent only when I set the filter to pick them up and run the script manually. But thank you for the suggestion!

Missing indicators in Sentinel (Threat Intelligence Platforms)
I still use the old data connector Threat Intelligence Platforms, and SecurityGraphAPI along with it, to integrate MISP with Sentinel, and unfortunately there's a situation where not all indicators appear in Sentinel. (I am planning to move soon to Threat Intelligence Upload Indicators API (Preview), but for now the TIP connector should be set up and working.)

Current setup:

My 1st MISP VM: only built-in open-source feeds + one custom feed; no filters set, all indicators are parsed and sent.

My 2nd MISP VM: built-in open-source feeds + one custom feed + events from another external MISP server; no filters set, only indicators from that external MISP server are parsed and sent -> and here lies the main problem: why do the rest of the IOCs not appear in Sentinel? Has anyone had an issue like that? Both of these virtual machines have a cron job to send IOCs periodically.

My checks so far:
1. Ensured that there are no filters set in the configuration file (config.py).
2. Ensured each event is set to Published.
3. Ensured that the 'to_ids' flag is set to True.
4. There's nothing particular in error.log.

Documentation: https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP

Any ideas and hints will be extremely helpful!