vovaengineering.blogg.se

Ossim otx










In this case, the TIP data connector works with the Microsoft Graph Security API. In this example I’m using AlienVault OTX, and we need to use the API method. This approach can also be used by any custom threat intelligence platform that communicates with the tiIndicators API to send indicators to Microsoft Sentinel.
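As an added example (not code from the original post), this Python mapping turns the indicators of one OTX pulse into tiIndicator request bodies, batched in the `{"value": [...]}` shape that the Graph `submitTiIndicators` action accepts. The function names, the sample pulse, and the defaults chosen for `action`, `threatType` and the 30-day expiry are assumptions; acquiring a token and sending the request are left out.

```python
from datetime import datetime, timedelta, timezone

# OTX indicator "type" -> tiIndicator observable property
OBSERVABLE_FIELD = {"IPv4": "networkIPv4", "IPv6": "networkIPv6",
                    "domain": "domainName", "hostname": "domainName", "URL": "url"}
# OTX file-hash types -> tiIndicator fileHashType values
HASH_TYPE = {"FileHash-MD5": "md5", "FileHash-SHA1": "sha1", "FileHash-SHA256": "sha256"}
TLP_LEVELS = {"white", "green", "amber", "red"}

# Constructed sample pulse (not real OTX data), shaped like an OTX pulse record.
SAMPLE_PULSE = {
    "id": "pulse-0001", "name": "Constructed sample pulse", "tlp": "GREEN",
    "tags": ["sample"],
    "indicators": [
        {"id": 1, "type": "IPv4", "indicator": "203.0.113.7"},
        {"id": 2, "type": "hostname", "indicator": "c2.example.test"},
        {"id": 3, "type": "FileHash-SHA256", "indicator": "AB" * 32},
        {"id": 4, "type": "email", "indicator": "user@example.test"},
    ],
}

def otx_to_tiindicator(pulse, indicator, now=None, ttl_days=30):
    """Map one OTX pulse indicator to a tiIndicator body; None if unsupported."""
    itype, value = indicator.get("type"), indicator.get("indicator")
    if value and itype in OBSERVABLE_FIELD:
        observable = {OBSERVABLE_FIELD[itype]: value}
    elif value and itype in HASH_TYPE:
        observable = {"fileHashType": HASH_TYPE[itype], "fileHashValue": value.lower()}
    else:
        return None  # types this mapping does not cover are reported, not guessed
    now = now or datetime.now(timezone.utc)
    tlp = (pulse.get("tlp") or "").lower()
    expires = (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "action": "alert",                 # assumption: alert only, no blocking
        "targetProduct": "Azure Sentinel",
        "threatType": "WatchList",         # assumption: generic default category
        "tlpLevel": tlp if tlp in TLP_LEVELS else "unknown",
        "description": ("OTX: " + pulse.get("name", ""))[:100],
        "externalId": f"otx-{pulse.get('id')}-{indicator.get('id')}",
        "tags": list(pulse.get("tags", [])),
        "expirationDateTime": expires,     # assumption: 30-day lifetime
        **observable,
    }

def build_batch(pulse, now=None):
    """Return (submitTiIndicators JSON body, indicators skipped as unsupported)."""
    mapped, skipped = [], []
    for ind in pulse.get("indicators", []):
        body = otx_to_tiindicator(pulse, ind, now)
        (mapped if body else skipped).append(body or ind)
    return {"value": mapped}, skipped
```

Reviewing the skipped list before each upload shows which OTX indicator types never reach Sentinel, so coverage gaps in the feed are visible rather than silent.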

OSSIM OTX HOW TO

The purpose of this blog is to show you how to integrate AlienVault OTX Threat Indicators into Microsoft Sentinel. I’ve been working with my peer Brian B on Sentinel Threat Intel integrations, and I wanted to thank Brian for the revision and contribution to this article!

The most common ways to connect threat intelligence sources into Microsoft Sentinel are:

- “Threat Intelligence – TAXII” using server URI & collection ID.
- “Threat Intelligence Platforms” using the Microsoft Graph Security API.

You can use any combination of connectors mentioned above, depending on what services are available to you and your organization. The following URL provides a catalog of threat intelligence integrations available for Microsoft Sentinel.

The easiest way is to use the TAXII connector, but sometimes your organization wants to use other threat intelligence platforms (TIP) that don’t support STIX/TAXII protocols. This blog will show you how to connect AlienVault OTX using the Microsoft Graph Security API.










