ThreatQ Integration for Microsoft Sentinel
ThreatQuotient, Inc.
The Sentinel Connector for ThreatQ exports indicators to Microsoft Sentinel via the Graph API.
The Microsoft Sentinel Connector for ThreatQ integration allows a user to export indicators directly to Microsoft Sentinel via Microsoft's Graph API. The Microsoft Graph API automatically deduplicates and updates IOCs sent to it.
The target products to which IOCs can be sent are: Azure Sentinel (default) or Microsoft Defender ATP.
The actions to take when an IOC is observed in your environment are: Unknown, Allow, Block, Alert.
The default threat types that can be applied to the exported IOCs are: Botnet, C2, CryptoMining, Darknet, DDoS, MaliciousUrl, Malware, Phishing, Proxy, PUA, and WatchList (default).
The default expiration options for exported IOCs, used when an indicator has no expiration, are: 2 Weeks (default), 1 Month, 3 Months, 6 Months, 1 Year, 5 Years.