articles/sentinel/connect-mdti-data-connector.md
15 additions & 8 deletions
@@ -1,14 +1,15 @@
1
1
---
2
-
title: Connect Microsoft Defender Threat Intelligence data connector
3
-
description: Learn how to ingest Microsoft's threat intelligence to your Sentinel workspace.
2
+
title: Enable data connector for Microsoft's threat intelligence
3
+
titleSuffix: Microsoft Defender Threat Intelligence
4
+
description: Learn how to ingest Microsoft's threat intelligence into your Sentinel workspace.
4
5
author: austinmccollum
5
6
ms.topic: how-to
6
7
ms.date: 03/27/2023
7
8
ms.author: austinmc
8
9
---
9
10
10
-
# Connect Microsoft Defender Threat Intelligence data connector
11
-
Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests this feed of IOCs allowing you to monitor, alert and hunt based on them, similar to the STIX/TAXII and the Threat Intelligence Platform (TIP) data connectors. The difference is, the configuration is much simpler to activate.
11
+
# Enable data connector for Microsoft Defender Threat Intelligence
12
+
Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests these IOCs with a simple one-click setup. Monitor, alert and hunt based on threat intelligence in the same way yo tsimilar to the STIX/TAXII and the Threat Intelligence Platform (TIP) data connectors.
12
13
13
14
> [!IMPORTANT]
14
15
> The Microsoft Defender Threat Intelligence data connector is currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
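Review bot: The added intro paragraph under the new H1 contains a broken sentence: "Monitor, alert and hunt based on threat intelligence in the same way yo tsimilar to the STIX/TAXII and the Threat Intelligence Platform (TIP) data connectors." It reads like two drafts merged together; keep one, for example "in the same way you do with the STIX/TAXII and Threat Intelligence Platform (TIP) data connectors". The new front-matter title also says "Microsoft's threat intelligence" while the H1 says "Microsoft Defender Threat Intelligence"; consider aligning the two. The unchanged ms.date is still 03/27/2023, so update it if this revision should be reflected in the metadata.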
@@ -26,19 +27,25 @@ To import threat indicators into Microsoft Sentinel from MDTI, follow these step
26
27
27
28
1. Choose the **workspace** to which you want to import the MDTI indicators from.
28
29
29
-
1. Select **Content hub** from the menu, select the **Threat Intelligence** solution, and select the :::image type="icon" source="media/connect-mdti-data-connector/install-update-button.png"::: **Install/Update** button.
30
+
1. Select **Content hub** from the menu.
31
+
32
+
1. Find and select the **Threat Intelligence** solution.
33
+
34
+
1. Select the :::image type="icon" source="media/connect-mdti-data-connector/install-update-button.png"::: **Install/Update** button.
30
35
31
36
For more information about how to manage the solution components, see [Discover and deploy out-of-the-box content](sentinel-solutions-deploy.md).
32
37
33
38
## Enable the Microsoft Defender Threat Intelligence data connector
34
39
35
-
1. To only configure the MDTI data connector, select the **Data connectors** menu, find and select the Microsoft Defender Threat Intelligence data connector, **Open connector page** button.
40
+
1. To configure the MDTI data connector, select the **Data connectors** menu.
41
+
42
+
1. Find and select the Microsoft Defender Threat Intelligence data connector > **Open connector page** button.
36
43
37
-
:::image type="content" source="media/connect-mdti-data-connector/mdti-data-connector-config.png" alt-text="Screenshot displaying the data connectors page with the MDTI data connector listed.":::
44
+
:::image type="content" source="media/connect-mdti-data-connector/mdti-data-connector-config.png" alt-text="Screenshot displaying the data connectors page with the MDTI data connector listed." lightbox="media/connect-mdti-data-connector/mdti-data-connector-config.png":::
38
45
39
46
1. Enable the feed by selecting the **Connect** button
40
47
41
-
:::image type="content" source="media/connect-mdti-data-connector/mdti-data-connector-connect.png" alt-text="Screenshot displaying the MDTI data connector page and the connect button.":::
48
+
:::image type="content" source="media/connect-mdti-data-connector/mdti-data-connector-connect.png" alt-text="Screenshot displaying the MDTI data connector page and the connect button." lightbox="media/connect-mdti-data-connector/mdti-data-connector-connect.png":::
42
49
43
50
1. When indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
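Review bot: In the second added step under "Enable the Microsoft Defender Threat Intelligence data connector", the line "Find and select the Microsoft Defender Threat Intelligence data connector > **Open connector page** button." mixes a sentence with menu-path notation and leaves the second action without a verb. Suggest "Find and select the Microsoft Defender Threat Intelligence data connector, then select **Open connector page**." While here, the unchanged step "Enable the feed by selecting the **Connect** button" is missing its closing period, and the context line "Choose the **workspace** to which you want to import the MDTI indicators from" doubles the preposition; both could be fixed in the same pass.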