survivalhilt.blogg.se

Alienvault ioc

Install the Threat Intelligence solution in Microsoft Sentinel.

Get the TAXII server API Root and Collection ID

TAXII 2.x servers advertise API Roots, which are URLs that host Collections of threat intelligence. You can usually find the API Root and the Collection ID in the documentation pages of the threat intelligence provider hosting the TAXII server. In some cases, the provider will only advertise a URL called a Discovery Endpoint. You can use the cURL utility to browse the discovery endpoint and request the API Root.
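The following Python is an added example, not code from the original page. It takes the JSON that a TAXII 2.1 discovery endpoint and a collections listing return and extracts the API Root URLs and the readable Collection IDs. The host name, IDs and response bodies are constructed samples, and the function names are hypothetical.

```python
import json
from urllib.parse import urljoin, urlparse

# Constructed sample responses (not from a real provider), shaped as TAXII 2.1 defines them.
DISCOVERY_URL = "https://taxii.example.com/taxii2/"  # hypothetical discovery endpoint
DISCOVERY_BODY = json.dumps({
    "title": "Example TAXII server",
    "api_roots": ["https://taxii.example.com/api1/", "/api2", "http://taxii.example.com/legacy/"],
})
COLLECTIONS_BODY = json.dumps({"collections": [  # what <api-root>collections/ returns
    {"id": "11111111-1111-4111-8111-111111111111", "title": "Readable feed",
     "can_read": True, "can_write": False},
    {"id": "22222222-2222-4222-8222-222222222222", "title": "Write-only inbox",
     "can_read": False, "can_write": True},
]})


def api_roots(discovery_url, body):
    """Return the absolute HTTPS API Root URLs a discovery response advertises."""
    roots = []
    for raw in json.loads(body).get("api_roots", []):
        url = urljoin(discovery_url, raw)   # relative roots resolve against the endpoint
        if urlparse(url).scheme != "https":
            continue                        # never hand a cleartext URL to the connector
        roots.append(url if url.endswith("/") else url + "/")
    return roots


def readable_collections(body):
    """Return (collection_id, title) pairs the authenticated client is allowed to read."""
    return [(c["id"], c.get("title", ""))
            for c in json.loads(body).get("collections", []) if c.get("can_read")]


def connector_inputs(api_root, collections_body):
    """Pair one API Root with each readable Collection ID, the two values the connector needs."""
    return [{"api_root": api_root, "collection_id": cid, "title": title}
            for cid, title in readable_collections(collections_body)]


if __name__ == "__main__":
    roots = api_roots(DISCOVERY_URL, DISCOVERY_BODY)
    print("API roots:", roots)
    # In practice each root has its own collections listing; one sample is reused here.
    for row in connector_inputs(roots[0], COLLECTIONS_BODY):
        print(row)
```

Collections with `can_read` set to false are dropped because a client cannot pull indicators from them, and the `http://` root is dropped because it would carry credentials and indicators unencrypted.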

  • You must have a TAXII 2.0 or TAXII 2.1 API Root URI and Collection ID.
  • You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
  • In order to install, update and delete standalone content or solutions in content hub, you need the Template Spec Contributor role at the resource group level. See Azure RBAC built-in roles for details on this role.

To import STIX-formatted threat indicators to Microsoft Sentinel from a TAXII server, you must get the TAXII server API Root and Collection ID, and then enable the Threat Intelligence - TAXII data connector in Microsoft Sentinel. Learn more about Threat Intelligence in Microsoft Sentinel, and specifically about the TAXII threat intelligence feeds that can be integrated with Microsoft Sentinel.


The most widely adopted industry standard for the transmission of threat intelligence is a combination of the STIX data format and the TAXII protocol. If your organization receives threat indicators from solutions that support the current STIX/TAXII version (2.0 or 2.1), you can use the Threat Intelligence - TAXII data connector to bring your threat indicators into Microsoft Sentinel. This connector enables a built-in TAXII client in Microsoft Sentinel to import threat intelligence from TAXII 2.x servers.

See also: Connect your threat intelligence platform (TIP) to Microsoft Sentinel. For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.














