Hi Jeroen, can you explain in a video how to automatically ingest the latest suspicious IP-Addresses or domains from Threat intelligence platforms or feeds into our Sentinel Analytics?
There are Threat Intelligence services like Maltiverse that can be connected to Sentinel via the TAXII connector. That works great.
How does the TIP know that it is connected to the right registered app? Step 2 of the MS article suggests: "For the target product, specify Azure Sentinel." But I do not see that in the app registration or Sentinel. Also, the Anomali website has now been shut and I cannot use it in the Bicep anymore?
How would you create an analytics query to search only new IOCs over a period of 90 days?
Best video on TI in Sentinel
Hi Jeroen, have you found a way to import IOCs into Sentinel from a STIX file? Here in the USA, CISA usually provides a downloadable copy of IOCs via a STIX file.
Hi Amauris, I haven't done that yet. It does make sense to use STIX as it is becoming an industry standard. Let me figure out how STIX and Azure Sentinel can work together and let me get back to you.
@AzureVlog Thanks for the prompt response. Take your time, I am doing my research as well.
Make a video on MISP to Azure Sentinel integration, with a diagram.
That video might be on the backlog to create! Currently working on an integration of MISP with Sentinel :-)
@AzureVlog Thank you