“Threat Intelligence Platforms” using the Microsoft Graph Security API.

You can use any combination of connectors mentioned above, depending on what services are available to you and your organization. The following URL provides a catalog of threat intelligence integrations available for Microsoft Sentinel.

The easiest way is to use the TAXII connector, but sometimes your organization wants to use other threat intelligence platforms (TIP) that don’t support the STIX/TAXII protocols. This blog will show you how to connect AlienVault OTX using the Microsoft Graph Security API. This approach can also be used by any custom threat intelligence platform that communicates with the tiIndicators API to send indicators to Microsoft Sentinel.

In this example I’m using AlienVault OTX, and we need to use the API method. In this case, the TIP data connector works with the Microsoft Graph Security API.

To use this method, we need to import threat indicators to Microsoft Sentinel from your integrated TIP or custom threat intelligence platform. At a high level, the steps to be performed include the following:

1. Obtain an Application ID and Client Secret from your Azure Active Directory.
2. Input this information into the Logic App used to connect your TIP solution or custom application.
3. Enable the Threat Intelligence Platforms data connector in Microsoft Sentinel.
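As an added illustration (not the Logic App from this post), the sketch below shows the mapping step that sits between OTX and the tiIndicators API: turning OTX pulse indicators into tiIndicator request bodies targeted at Microsoft Sentinel. The property names follow the Graph beta tiIndicator schema and the OTX pulse JSON layout as assumptions, the sample pulse is constructed, and no request is sent.

```python
from datetime import datetime, timedelta, timezone

# OTX indicator type -> tiIndicator observable property (assumed Graph beta schema).
SIMPLE = {"IPv4": "networkIPv4", "domain": "domainName",
          "hostname": "domainName", "URL": "url"}
HASHES = {"FileHash-MD5": "md5", "FileHash-SHA1": "sha1",
          "FileHash-SHA256": "sha256"}


def otx_to_tiindicator(ind, pulse, now, ttl_days=30):
    """Return a tiIndicator request body for one OTX indicator, or None."""
    kind, value = ind.get("type"), (ind.get("indicator") or "").strip()
    if not value:
        return None
    expires = (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = {
        "action": "alert",
        "description": ("OTX: " + pulse.get("name", ""))[:100],
        "expirationDateTime": expires,      # stale indicators age out
        "targetProduct": "Azure Sentinel",  # routes the indicator to Sentinel
        "threatType": "WatchList",
        "tlpLevel": pulse.get("tlp", "unknown"),
        "externalId": f"otx-{pulse.get('id', 'unknown')}-{value}",
    }
    if kind in SIMPLE:
        body[SIMPLE[kind]] = value
    elif kind in HASHES:
        body["fileHashType"] = HASHES[kind]
        body["fileHashValue"] = value.lower()
    else:
        return None  # e.g. email: no observable mapping chosen in this sketch
    return body


def build_batch(pulse, now=None):
    """Map every supported indicator in a pulse; unsupported types are skipped."""
    now = now or datetime.now(timezone.utc)
    mapped = (otx_to_tiindicator(i, pulse, now) for i in pulse.get("indicators", []))
    return [b for b in mapped if b is not None]


# Constructed sample pulse (documentation-range values, not real intelligence).
SAMPLE_PULSE = {
    "id": "sample-pulse", "name": "Constructed example pulse", "tlp": "green",
    "indicators": [
        {"type": "IPv4", "indicator": "203.0.113.10"},
        {"type": "hostname", "indicator": "bad.example.com"},
        {"type": "FileHash-SHA256", "indicator": "AB" * 32},
        {"type": "email", "indicator": "user@example.com"},
    ],
}
```

Each returned body is what the connector would POST to the tiIndicators endpoint using a token obtained with the Application ID and Client Secret from step 1; keep that secret in a vault or managed identity rather than in the workflow definition.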