Increased Microsoft Sentinel benefits using Anomali ThreatStream

This blog was co-written by Richard Phillips, Product Manager at Anomali and Rijuta Kapoor, Microsoft.

Microsoft Sentinel is a cloud-native SIEM that offers several ways to import threat intelligence and use it for hunting, investigation and analytics. Two of the ways to bring rich threat intelligence into Microsoft Sentinel are the Threat Intelligence - TAXII data connector and the Threat Intelligence Platforms (TIP) data connector.

Microsoft Sentinel was an early adopter of STIX/TAXII as the preferred way to import threat intelligence. The “Threat Intelligence - TAXII” data connector is essentially a built-in TAXII client in Microsoft Sentinel: it uses the TAXII protocol to pull threat intelligence expressed in STIX format from TAXII 2.0 and 2.1 servers.
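To make concrete what a built-in TAXII client has to do, here is an added example that is not code from this post, from Microsoft or from Anomali. It simulates both sides of a TAXII 2.1 poll in memory: a stand-in for a server's collection objects endpoint (media-type negotiation, `added_after` filtering, `more`/`next` pagination, the `X-TAXII-Date-Added-Last` header) and a client that pages through it, records the watermark for its next poll, and keeps only STIX indicators that are live and meet a confidence floor. The collection contents, IDs and timestamps are constructed sample data, and the class and function names are this example's own.

```python
"""Simulated TAXII 2.1 poll: an in-memory stand-in for a TAXII server's
collection endpoint, plus a client that pages through it the way a built-in
TAXII client has to. All objects and timestamps are constructed sample data."""
from datetime import datetime, timezone

TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"
PAGE_SIZE = 2  # deliberately small so the sample forces a second page


def _ts(s):
    """Parse a STIX/TAXII timestamp ("...Z") into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _indicator(n, added, pattern, confidence, valid_until=None):
    """Build a constructed STIX 2.1 indicator; the UUID is hypothetical."""
    obj = {"type": "indicator", "spec_version": "2.1",
           "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
           "created": added, "modified": added, "valid_from": added,
           "pattern_type": "stix", "pattern": pattern, "confidence": confidence}
    if valid_until:
        obj["valid_until"] = valid_until
    return added, obj  # (X-TAXII-Date-Added, object)


# Constructed collection contents, in date-added order.
SAMPLE_RECORDS = [
    _indicator(1, "2023-03-01T08:00:00.000Z", "[domain-name:value = 'c2.example.invalid']", 90),
    _indicator(2, "2023-03-02T08:00:00.000Z", "[ipv4-addr:value = '203.0.113.7']", 50),
    _indicator(3, "2023-03-03T08:00:00.000Z", "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']", 80,
               valid_until="2023-03-05T00:00:00.000Z"),  # already expired at NOW
    ("2023-03-04T08:00:00.000Z", {"type": "malware", "spec_version": "2.1",
                                  "id": "malware--00000000-0000-4000-8000-000000000004",
                                  "created": "2023-03-04T08:00:00.000Z",
                                  "modified": "2023-03-04T08:00:00.000Z",
                                  "name": "Constructed loader", "is_family": False}),
]
NOW = _ts("2023-03-10T00:00:00.000Z")  # fixed clock so the example is deterministic


class TaxiiCollectionServer:
    """Stand-in for GET {api-root}/collections/{id}/objects/ on a TAXII 2.1 server."""

    def __init__(self, records):
        self.records = sorted(records, key=lambda r: _ts(r[0]))

    def get_objects(self, headers, added_after=None, next_token=None, limit=PAGE_SIZE):
        # TAXII 2.1 requires the client to ask for the TAXII media type.
        if headers.get("Accept") != TAXII_MEDIA_TYPE:
            return 406, {}, {"title": "Not Acceptable"}
        matching = [r for r in self.records
                    if added_after is None or _ts(r[0]) > _ts(added_after)]
        start = int(next_token) if next_token else 0
        page = matching[start:start + limit]
        more = start + limit < len(matching)
        envelope = {"more": more, "objects": [obj for _, obj in page]}
        if more:
            envelope["next"] = str(start + limit)  # opaque to the client
        resp_headers = {"Content-Type": TAXII_MEDIA_TYPE}
        if page:
            resp_headers["X-TAXII-Date-Added-First"] = page[0][0]
            resp_headers["X-TAXII-Date-Added-Last"] = page[-1][0]
        return 200, resp_headers, envelope


def poll_collection(server, added_after=None):
    """Fetch everything added after the watermark, following more/next.
    Returns (objects, new_watermark); the watermark is stored for the next poll."""
    headers = {"Accept": TAXII_MEDIA_TYPE}
    objects, next_token, watermark = [], None, added_after
    while True:
        status, resp_headers, body = server.get_objects(
            headers, added_after=added_after, next_token=next_token)
        if status != 200:
            raise RuntimeError(f"TAXII poll failed: {status} {body.get('title')}")
        objects.extend(body["objects"])
        # The last date-added on the page is the only safe resume point.
        watermark = resp_headers.get("X-TAXII-Date-Added-Last", watermark)
        if not body.get("more"):
            return objects, watermark
        next_token = body["next"]


def extract_indicators(objects, now, min_confidence=0):
    """Keep indicators that are live and meet the confidence floor; drop
    expired, revoked or non-indicator objects before they reach the SIEM."""
    kept = []
    for obj in objects:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("valid_until") and _ts(obj["valid_until"]) <= now:
            continue
        if obj.get("confidence", 0) < min_confidence:
            continue
        kept.append({"id": obj["id"], "pattern": obj["pattern"],
                     "confidence": obj.get("confidence"), "valid_from": obj["valid_from"]})
    return kept


if __name__ == "__main__":
    server = TaxiiCollectionServer(SAMPLE_RECORDS)
    objs, watermark = poll_collection(server)
    for ind in extract_indicators(objs, NOW, min_confidence=70):
        print(ind["pattern"], ind["confidence"])
    print("next poll resumes after", watermark)
```

Two details matter in practice. The `added_after` filter is exclusive, so the client must persist the server's `X-TAXII-Date-Added-Last` value from the final page, not its own clock, or it will either re-import or miss objects added while the poll ran. And an indicator's `valid_until` is a hard expiry in STIX 2.1, so filtering on it at import time keeps stale observables from ever producing matches.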

Anomali ThreatStream has previously integrated with Microsoft Sentinel through the ThreatStream Integrator, which pushes indicators through the Microsoft Graph Security API into Microsoft Sentinel's Threat Intelligence Platforms (TIP) data connector.

Today we are announcing a new integration that lets you bring threat intelligence from Anomali ThreatStream into Microsoft Sentinel using the Threat Intelligence - TAXII data connector.

Microsoft Sentinel benefits with Anomali ThreatStream

Anomali ThreatStream is a threat intelligence management solution that allows you to automate data collection from hundreds of threat sources, including commercial vendors, OSINT, ISACs, and more, to operationalize threat intelligence at scale.

Anomali Macula, ThreatStream's built-in proprietary machine learning engine, aggregates, scores and categorizes intelligence for real-time distribution to security controls across your entire security ecosystem. Users can configure integrations to send only high-confidence, high-severity observables, or only observables associated with known threat actors, active malw ..
