We’re releasing the next evolution of the Microsoft Sentinel Threat Intelligence Workbook. This solution provides enhanced capabilities in indicator ingestion and indicator search, empowering organizations to centralize and correlate threat data across their workloads and operationalize these insights for investigation and response. As a result, this workbook serves as a starting point for building threat intelligence programs.
For example, Indicator Search provides a free-text search of indicators (IP address, file, hash, email address, username) to determine:
- Indicators in your data
- Pattern of the indicator over time
- Reporting threat intelligence feed and details
- Security incidents for investigation and response
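One way to reproduce those four facets of Indicator Search for a single indicator is a KQL query over the workspace tables the workbook itself reads. The query below is an added example, not the workbook's own query or Microsoft's code; it assumes the ThreatIntelligenceIndicator table is populated by a connected TI platform or STIX/TAXII feed, that SecurityAlert and SecurityIncident exist in the workspace, and the indicator value is a constructed sample (a TEST-NET-3 address, not a real IoC):

```kusto
// Added example: emulate the Indicator Search panel in KQL. Assumptions:
// the ThreatIntelligenceIndicator, SecurityAlert and SecurityIncident tables are
// populated, and 'indicator' stands in for the workbook's free-text parameter.
let indicator = "203.0.113.45";   // constructed sample value, not a real indicator
let lookback = 90d;
// Reporting feed and details: latest record per IndicatorId that is still active and unexpired
let feeds = ThreatIntelligenceIndicator
    | where TimeGenerated > ago(lookback)
    | where NetworkIP == indicator or NetworkSourceIP == indicator or NetworkDestinationIP == indicator
         or FileHashValue == indicator or DomainName == indicator or Url == indicator
         or EmailSenderAddress == indicator or EmailSourceIpAddress == indicator
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true and ExpirationDateTime > now()
    | project IndicatorId, SourceSystem, ThreatType, ConfidenceScore, ExpirationDateTime, Description;
// Indicator in your data and its pattern over time: free-text hit in any column of any table, per day
let hits = union withsource=SourceTable *
    | where TimeGenerated > ago(lookback)
    | where * has indicator
    | summarize Hits = count() by SourceTable, Day = bin(TimeGenerated, 1d);
// Security incidents whose alerts carry the indicator in their entity list
let incidents = SecurityIncident
    | summarize arg_max(TimeGenerated, *) by IncidentNumber
    | mv-expand AlertId = AlertIds to typeof(string)
    | join kind=inner (
        SecurityAlert
        | where TimeGenerated > ago(lookback)
        | where Entities has indicator
        | project SystemAlertId, AlertName
      ) on $left.AlertId == $right.SystemAlertId
    | distinct IncidentNumber, Title, Severity, Status, AlertName;
// One result set; the Section column tells a workbook grid which panel a row belongs to
union
    (feeds | extend Section = "Feed details"),
    (hits | extend Section = "Hits over time"),
    (incidents | extend Section = "Incidents")
| project-reorder Section
```

The `union withsource=SourceTable *` scan is the expensive part: over a large workspace, restrict it to the tables that can actually contain the indicator type (for example `union withsource=SourceTable CommonSecurityLog, SigninLogs, DeviceNetworkEvents` for an IP), and keep the `Active`/`ExpirationDateTime` filter so a hit on a retired indicator does not raise an alert on its own.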
Learn more by watching the demo:
Use cases
There are several use cases for the Microsoft Sentinel Threat Intelligence Workbook depending on user roles and requirements. Common use cases include threat hunting, developing alerting, and conducting research with custom reporting.
The workbook is organized into two sections:
- Indicators Ingestion: Evaluate indicators onboarded, threat feeds, and confidence ratings.
- Indicator Search: Free-text search for indicators across your cloud workloads.
Benefits
- Ingest, analyze, and hunt for indicators across cloud, on-premises, multi-cloud, and first- and third-party workloads
- Free-text search to hunt for IPs, hashes, user accounts, email addresses, etc., across your data
- Investigate and respond to threat intelligence indicators
Audience
- Threat Intelligence Professionals: Investigations
- SecOps: Alert / automation building
- MSSP: Consultants, managed service providers
Getting started
- Onboard Microsoft Sentinel
- Connect threat intelligence platforms
- Connect STIX/TAXII feeds
- Update workbook version
  - Microsoft Sentinel > Workbooks > Search “Threat Intelligence” > Select “Update” in bottom right
- Access workbook
  - Microsoft Sentinel > Threat Intelligence > Threat Intelligence Workbook
- Review the content and provide feedback through our survey.
Learn more about threat intelligence with Microsoft Security
- General availability of Microsoft Sentinel threat intelligence in Azure commercial and Azure Government
- Understand threat intelligence in Microsoft Sentinel
- Microsoft threat intelligence | Unparalleled threat detection