articles/sentinel/add-entity-to-threat-intelligence.md
+1 -1 (lines changed: 1 addition & 1 deletion)
@@ -128,7 +128,7 @@ Whichever of the two interfaces you choose, you end up here.
128
128
129
129
1. When all the fields are filled in to your satisfaction, select **Apply**. A confirmation message appears in the upper-right corner stating that your indicator was created.
130
130
131
-
1. The entity is added as a threat indicator in your workspace. You can find it [in the list of indicators on the Threat Intelligence page](work-with-threat-indicators.md#find-and-view-your-indicators-in-the-threat-intelligence-page). You can also find it [in the ThreatIntelligenceIndicators table in Logs](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs).
131
+
1. The entity is added as a threat indicator in your workspace. You can find it [in the list of indicators on the Threat Intelligence page](work-with-threat-indicators.md#find-and-view-your-indicators-on-the-threat-intelligence-page). You can also find it [in the ThreatIntelligenceIndicators table in Logs](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs).
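Review bot: The new link target in the added line, `work-with-threat-indicators.md#find-and-view-your-indicators-on-the-threat-intelligence-page`, only resolves if the corresponding heading in work-with-threat-indicators.md now reads "on the Threat Intelligence page". That file is not part of the visible changes, so please confirm the heading was renamed, otherwise this replaces a working anchor with a broken one. The second link on the same line (`#find-and-view-your-indicators-in-logs`) is unchanged and needs no action.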
articles/sentinel/connect-threat-intelligence-taxii.md
+4 -4 (lines changed: 4 additions & 4 deletions)
@@ -15,11 +15,11 @@ ms.collection: usx-security
15
15
16
16
# Connect Microsoft Sentinel to STIX/TAXII threat intelligence feeds
17
17
18
-
The most widely adopted industry standard for the transmission of threat intelligence is a [combination of the STIX data format and the TAXII protocol](https://oasis-open.github.io/cti-documentation/). If your organization receives threat indicators from solutions that support the current STIX/TAXII version (2.0 or 2.1), you can use the Threat intelligence - TAXII data connector to bring your threat indicators into Microsoft Sentinel. This connector enables a built-in TAXII client in Microsoft Sentinel to import threat intelligence from TAXII 2.x servers.
18
+
The most widely adopted industry standard for the transmission of threat intelligence is a [combination of the STIX data format and the TAXII protocol](https://oasis-open.github.io/cti-documentation/). If your organization receives threat indicators from solutions that support the current STIX/TAXII version (2.0 or 2.1), you can use the Threat Intelligence - TAXII data connector to bring your threat indicators into Microsoft Sentinel. This connector enables a built-in TAXII client in Microsoft Sentinel to import threat intelligence from TAXII 2.x servers.
19
19
20
20
:::image type="content" source="media/connect-threat-intelligence-taxii/threat-intel-taxii-import-path.png" alt-text="Screenshot that shows a TAXII import path.":::
21
21
22
-
To import STIX-formatted threat indicators to Microsoft Sentinel from a TAXII server, you must get the TAXII server API root and collection ID. Then you enable the Threat intelligence - TAXII data connector in Microsoft Sentinel.
22
+
To import STIX-formatted threat indicators to Microsoft Sentinel from a TAXII server, you must get the TAXII server API root and collection ID. Then you enable the Threat Intelligence - TAXII data connector in Microsoft Sentinel.
23
23
24
24
Learn more about [threat intelligence](understand-threat-intelligence.md) in Microsoft Sentinel, and specifically about the [TAXII threat intelligence feeds](threat-intelligence-integration.md#taxii-threat-intelligence-feeds) that you can integrate with Microsoft Sentinel.
25
25
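Review bot: The connector name is recased to "Threat Intelligence - TAXII" on lines 18 and 22, but the rest of the file outside this hunk should be searched for remaining "Threat intelligence - TAXII" mentions so the name is spelled one way throughout. While line 18 is being touched, "the current STIX/TAXII version (2.0 or 2.1)" names two versions as a single current version; "STIX/TAXII version 2.0 or 2.1" would read more accurately next to "TAXII 2.x servers" at the end of the same paragraph.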
@@ -56,11 +56,11 @@ To import threat indicators into Microsoft Sentinel from a TAXII server, follow
56
56
57
57
For more information about how to manage the solution components, see [Discover and deploy out-of-the-box content](sentinel-solutions-deploy.md).
58
58
59
-
## Enable the Threat intelligence - TAXII data connector
59
+
## Enable the Threat Intelligence - TAXII data connector
60
60
61
61
1. To configure the TAXII data connector, select the **Data connectors** menu.
62
62
63
-
1. Find and select the **Threat intelligence - TAXII** data connector, and then select **Open connector page**.
63
+
1. Find and select the **Threat Intelligence - TAXII** data connector, and then select **Open connector page**.
64
64
65
65
:::image type="content" source="media/connect-threat-intelligence-taxii/taxii-data-connector-config.png" alt-text="Screenshot that shows the Data connectors page with the TAXII data connector listed." lightbox="media/connect-threat-intelligence-taxii/taxii-data-connector-config.png":::
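Review bot: In the step on line 63, the bold text "**Threat Intelligence - TAXII**" is presented as a UI label the reader has to find and select, so its casing should match the string shown in the Data connectors gallery exactly, not just the style guide. Please verify it against the portal before merging. The heading change on line 59 alters only capitalization, so lowercased heading anchors that point to it should be unaffected.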
articles/sentinel/indicators-bulk-file-import.md
+3 -3 (lines changed: 3 additions & 3 deletions)
@@ -16,7 +16,7 @@ ms.collection: usx-security
16
16
17
17
# Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file
18
18
19
-
In this how-to guide, you add indicators from a CSV or JSON file into Microsoft Sentinel threat intelligence. Threat intelligence sharing still happens across emails and other informal channels during an ongoing investigation. The ability to import indicators directly into Microsoft Sentinel threat intelligence allows you to quickly socialize emerging threats for your team. You make the threats available to power other analytics, such as producing security alerts, incidents, and automated responses.
19
+
In this article, you add indicators from a CSV or JSON file into Microsoft Sentinel threat intelligence. Threat intelligence sharing still happens across emails and other informal channels during an ongoing investigation. You have the ability to import indicators directly into Microsoft Sentinel threat intelligence so that you can quickly relay emerging threats to your team. You make the threats available to power other analytics, such as producing security alerts, incidents, and automated responses.
20
20
21
21
> [!IMPORTANT]
22
22
> This feature is currently in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
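Review bot: On line 19, "You have the ability to import indicators directly ... so that you can quickly relay emerging threats" is wordier than it needs to be and repeats "you" three times in two sentences. Suggest "You can import indicators directly into Microsoft Sentinel threat intelligence to quickly relay emerging threats to your team." The swap from "socialize" to "relay" and from "how-to guide" to "article" reads fine.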
@@ -25,7 +25,7 @@ In this how-to guide, you add indicators from a CSV or JSON file into Microsoft
25
25
26
26
## Prerequisites
27
27
28
-
-You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
28
+
You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
29
29
30
30
## Select an import template for your indicators
31
31
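Review bot: The prerequisite on line 28 still says only "read and write permissions to the Microsoft Sentinel workspace", which leaves the reader to work out which role assignment satisfies it. Since the line is being edited anyway, consider naming the specific built-in role or roles that grant this access and linking to the roles article. Dropping the list marker for a single prerequisite is fine.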
@@ -45,7 +45,7 @@ Add multiple indicators to your threat intelligence with a specially crafted CSV
45
45
:::image type="content" source="media/indicators-bulk-file-import/import-using-file-menu-defender-portal.png" alt-text="Screenshot that shows the menu options to import indicators by using a file menu from the Defender portal." lightbox="media/indicators-bulk-file-import/import-using-file-menu-defender-portal.png":::
46
46
---
47
47
48
-
1.Choose **CSV**or **JSON**from the **File format** dropdown menu.
48
+
1.On the **File format**dropdown menu, select **CSV**or **JSON**.
49
49
50
50
:::image type="content" source="media/indicators-bulk-file-import/format-select-and-download.png" alt-text="Screenshot that shows the dropdown menu to upload a CSV or JSON file, choose a template to download, and specify a source.":::
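Review bot: As shown here, the added line 48 reads "1.On the **File format**dropdown menu, select **CSV**or **JSON**." with no space after "1." and none after the closing bold markers. If the source file has the same spacing, the line will not render as a numbered list item and the bold labels will run into the following words. Please check the raw Markdown and make sure it is "1. On the **File format** dropdown menu, select **CSV** or **JSON**."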