articles/sentinel/data-connectors/greynoise-threat-intelligence.md
Lines changed: 7 additions & 7 deletions
@@ -48,26 +48,26 @@ To integrate with GreyNoise Threat Intelligence (using Azure Functions) make sur
48
48
You can connect GreyNoise Threat Intelligence to Microsoft Sentinel by following the below steps:
49
49
50
50
51
-
> The following steps create an Azure AAD application, retrieves a GreyNoise API key, and saves the values in an Azure Function App Configuration.
51
+
> The following steps create a Microsoft Entra ID application, retrieves a GreyNoise API key, and saves the values in an Azure Function App Configuration.
52
52
53
53
1. Retrieve your API Key from GreyNoise Visualizer.
54
54
55
55
Generate an API key from GreyNoise Visualizer https://docs.greynoise.io/docs/using-the-greynoise-api
56
56
57
-
2. In your Azure AD tenant, create an Azure Active Directory (AAD) application and acquire Tenant ID and Client ID. Also, get the Log Analytics Workspace ID associated with your Microsoft Sentinel instance (it should display below).
57
+
2. In your Microsoft Entra ID tenant, create an Microsoft Entra ID application and acquire Tenant ID and Client ID. Also, get the Log Analytics Workspace ID associated with your Microsoft Sentinel instance (it should display below).
58
58
59
-
Follow the instructions here to create your Azure AAD app and save your Client ID and Tenant ID: /azure/sentinel/connect-threat-intelligence-upload-api#instructions
59
+
Follow the instructions here to create your Microsoft Entra ID app and save your Client ID and Tenant ID: /azure/sentinel/connect-threat-intelligence-upload-api#instructions
60
60
NOTE: Wait until step 5 to generate your client secret.
61
61
62
62
63
-
3. Assign the AAD application the Microsoft Sentinel Contributor Role.
63
+
3. Assign the Microsoft Entra ID application the Microsoft Sentinel Contributor Role.
64
64
65
65
Follow the instructions here to add the Microsoft Sentinel Contributor Role: /azure/sentinel/connect-threat-intelligence-upload-api#assign-a-role-to-the-application
66
66
67
-
4. Specify the AAD permissions to enable MS Graph API access to the upload-indicators API.
67
+
4. Specify the Microsoft Entra ID permissions to enable MS Graph API access to the upload-indicators API.
68
68
69
-
Follow this section here to add **'ThreatIndicators.ReadWrite.OwnedBy'** permission to the AAD App: /azure/sentinel/connect-threat-intelligence-tip#specify-the-permissions-required-by-the-application.
70
-
Back in your AAD App, ensure you grant admin consent for the permissions you just added.
69
+
Follow this section here to add **'ThreatIndicators.ReadWrite.OwnedBy'** permission to the Microsoft Entra ID App: /azure/sentinel/connect-threat-intelligence-tip#specify-the-permissions-required-by-the-application.
70
+
Back in your Microsoft Entra ID App, ensure you grant admin consent for the permissions you just added.
71
71
Finally, in the 'Tokens and APIs' section, generate a client secret and save it. You will need it in Step 6.
72
72
73
73
5. Deploy the Threat Intelligence (Preview) Solution, which includes the Threat Intelligence Upload Indicators API (Preview)
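Review bot: The rename in step 2 leaves "create an Microsoft Entra ID application", which should read "create a Microsoft Entra ID application"; the article was correct for "an Azure Active Directory (AAD) application" but was not adjusted when the product name was swapped. The intro line has a similar carried-over agreement problem ("The following steps create ..., retrieves ..."), and since that line is already being touched it could be fixed to "retrieve" and "save" in the same change. Separately, the unchanged context around these edits is inconsistent about when the client secret is created: the NOTE under step 2 says to wait until step 5, but the instruction to generate the secret sits at the end of step 4 and says it will be needed in Step 6. Because the secret is the credential the Function App uses to call the upload-indicators API, it would be worth correcting the step reference in the NOTE while this section is open so readers do not generate and store it earlier than intended.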