Threat Intelligence - MS Security Graph

Hi community,

 

I integrated Azure Sentinel in our test environment and I also want to use TI feeds from MS Security Graph. I read a lot but I can't find tangible instructions to activate the feeds.

I have done these steps:

 

1) Register an application in Azure Active Directory.

2) Configure permissions and be sure to add the ThreatIndicators.ReadWrite.OwnedBy permission to the application.

3) Ask your Azure AD tenant administrator to grant consent to the application.

 

How can I configure step 4 regarding Microsoft Security Graph? Thanks a lot!

 

4) Configure your TIP or other integrated application to push indicators to Azure Sentinel by specifying the following:

a. The application ID and secret you received when registering the app (step 1 above). 

b. Set “Azure Sentinel” as the target.

c. Set an action for each indicator - ‘alert’ is most relevant for Azure Sentinel use cases 
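
What step 4 amounts to when a script stands in for the TIP, as an added example that is not part of the original post or of any Microsoft sample. It assumes the Microsoft Graph beta `tiIndicators` endpoint and the OAuth client-credentials flow; the tenant ID, application ID and secret are placeholders, the indicator is constructed sample data, and nothing is sent over the network.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

GRAPH_TI_URL = "https://graph.microsoft.com/beta/security/tiIndicators"
ACTIONS = {"unknown", "allow", "block", "alert"}
OBSERVABLES = {"networkIPv4", "domainName", "url"}  # subset of tiIndicator observables

def token_request(tenant_id, app_id, app_secret):
    """Step 4a: client-credentials token request for the app registered in step 1."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, form

def build_indicator(field, value, description, threat_type="WatchList",
                    action="alert", days_valid=30, now=None):
    """Steps 4b and 4c: one tiIndicator body targeted at Azure Sentinel."""
    if field not in OBSERVABLES:
        raise ValueError(f"unsupported observable field: {field}")
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action}")
    if not description or len(description) > 100:
        raise ValueError("description is required and limited to 100 characters")
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(days=days_valid)
    return {
        "targetProduct": "Azure Sentinel",   # step 4b
        "action": action,                    # step 4c
        "description": description,
        "threatType": threat_type,
        "tlpLevel": "amber",
        "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        field: value,
    }

if __name__ == "__main__":
    # Placeholders only; the form body holds the secret, so it is not printed.
    url, form = token_request("<tenant-id>", "<application-id>", "<application-secret>")
    print("POST", url)
    body = build_indicator("networkIPv4", "203.0.113.10", "Constructed sample indicator")
    print("POST", GRAPH_TI_URL, "with header Authorization: Bearer <token>")
    print(json.dumps(body, indent=2))
```

The POST only succeeds once the ThreatIndicators.ReadWrite.OwnedBy permission from step 2 has received admin consent in step 3.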

 

 

 
 

3 Replies
It's been 2 years and the instructions have not gotten any better. Asking us to go watch another video is not a great experience. The instructions are making some assumptions about our level of knowledge about TI platforms, which is minimal for many new users of Sentinel.

Hello Dean,

Today there is an integration with Alien Vault TIP using Logic App.
You can find its template with a pretty good explanation here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ingesting-alien-vault-otx-threat-indi...