Let’s talk about each of the data connectors.

Adding threat indicators to Azure Sentinel with the Threat Intelligence – Platforms data connector

You can use either data connector or both connectors together depending on where your organization sources threat indicators. There are two data connectors in Azure Sentinel provided specifically for threat indicators, Threat Intelligence – TAXII and Threat Intelligence – Platforms. Just like all the other event data in Azure Sentinel, threat indicators are imported using data connectors.

Threat Intelligence also provides useful context within other Azure Sentinel experiences such as Hunting and Notebooks, and while not covered in this article, Ian Hellen has already written a great post Jupyter Notebooks in Sentinel, which covers the use of CTI within Notebooks.

Azure Sentinel data connectors for threat intelligence

Visualize key information about your threat intelligence in Azure Sentinel with the Threat Intelligence Workbook.

Use the built-in Analytics rule templates to generate security alerts and incidents using your imported threat intelligence.