May 9th, 2022

Jumpstart threat intelligence programs with the Microsoft Sentinel Threat Intelligence Workbook

We’re releasing the next evolution of the Microsoft Sentinel Threat Intelligence Workbook. This solution provides enhanced capabilities in indicator ingestion and indicator search, empowering organizations to centralize and correlate threat data across their workloads and operationalize these insights for investigation and response. As a result, this workbook serves as a starting point for building threat intelligence programs.

For example, Indicator Search provides a free-text search of indicators (IP address, file, hash, email address, username) to determine:

  • Indicators in your data
  • Pattern of the indicator over time
  • Reporting threat intelligence feed and details
  • Security incidents for investigation and response
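As an added example (not the workbook's own query), the KQL below reproduces the core of Indicator Search for IP indicators in the Logs blade, so the first three results above can be produced directly; it assumes the built-in ThreatIntelligenceIndicator and CommonSecurityLog tables are populated by an onboarded feed and a firewall/proxy connector. The workbook's free-text search also covers hashes, e-mail addresses and usernames; this query narrows to destination IP matches.

```kql
// Added example, not the workbook's own query. Assumes a TI platform or
// STIX/TAXII feed populates ThreatIntelligenceIndicator and a CEF
// connector populates CommonSecurityLog.
let lookback = 14d;
// Latest version of each indicator, keeping only active, unexpired IP indicators.
// Columns are renamed so they do not collide with CommonSecurityLog after the join.
let activeIpIndicators = ThreatIntelligenceIndicator
    | where TimeGenerated > ago(90d)
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true and ExpirationDateTime > now()
    | extend IndicatorIP = coalesce(NetworkIP, NetworkDestinationIP)
    | where isnotempty(IndicatorIP)
    | project IndicatorIP,
              IndicatorFeed = SourceSystem,
              IndicatorThreatType = ThreatType,
              IndicatorConfidence = ConfidenceScore,
              IndicatorDescription = Description;
// Indicators in your data: connections whose destination matches an indicator.
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where isnotempty(DestinationIP)
| join kind=inner activeIpIndicators on $left.DestinationIP == $right.IndicatorIP
// Pattern over time (first/last seen, hit count, affected sources) and the
// reporting feed details, one row per matched indicator.
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            AffectedSources = dcount(SourceIP),
            Feeds = make_set(IndicatorFeed)
          by IndicatorIP, IndicatorThreatType, IndicatorConfidence, IndicatorDescription
| order by IndicatorConfidence desc, Hits desc
```

Matches returned here are the same events a Threat Intelligence analytics rule would raise as incidents, which is the fourth item in the list above.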


Use cases

There are several use cases for the Microsoft Sentinel Threat Intelligence Workbook depending on user roles and requirements. Common use cases include threat hunting, developing alerting, and conducting research with custom reporting.

The workbook is organized into two sections:

  • Indicators Ingestion: Evaluate indicators onboarded, threat feeds, and confidence ratings.
  • Indicator Search: Free text search indicators across your cloud workloads.

Benefits

  • Ingest, analyze, and hunt for indicators within cloud, on-premises, multi-cloud, and first- and third-party workloads
  • Free text search to hunt for IPs, hashes, user accounts, email addresses, etc., across your data
  • Investigate and respond to threat intelligence indicators

Audience

  • Threat Intelligence Professionals: Investigations
  • SecOps: Alert / automation building
  • MSSP: Consultants, managed service providers

Getting started

  1. Onboard Microsoft Sentinel
  2. Connect threat intelligence platforms
  3. Connect STIX/TAXII feeds
  4. Update workbook version
    1. Microsoft Sentinel > Workbooks > Search “Threat Intelligence” > Select “Update” in bottom right
  5. Access workbook
    1. Microsoft Sentinel > Threat Intelligence > Threat Intelligence Workbook
  6. Review the content and provide feedback through our survey.

Learn more about threat intelligence with Microsoft Security

Author

Lili Davoudian
Senior Product Manager
TJ Banasik
CISSP-ISSEP, ISSAP, ISSMP, Principal Product Manager

TJ Banasik is a Senior Program Manager for Microsoft in the Cloud & AI Security Group. He has consulted with numerous organizations in cybersecurity and has built security operations centers across the government, military and commercial sectors. A security operations expert, TJ has extensive experience in incident response, threat intelligence, insider threat, and threat vulnerability management. He’s previously worked as the Director of Security for Veritas Technologies, the Senior ...
