Adding TI in Bulk to Microsoft Sentinel in Public Preview

Today the ability to upload new Threat Intelligence (indicators) in bulk is available in Public Preview. A new Import tab in the Threat Intelligence blade of the Microsoft Sentinel console allows you to import indicators from a flat file (CSV or JSON) and also manage existing imports. The Docs are already available: Add indicators in bulk …

Recipes for Automation: Reading About Updated Microsoft Sentinel Content in a Microsoft Teams SOC Channel

This post is part of an ongoing series to provide ideas for enhancing security operations through automation. Microsoft Sentinel has built-in SOAR capability, so the prescriptive guidance provided here can be implemented immediately and without much effort. Microsoft Sentinel is updated constantly, and many customers would like better ways to know when things are …

Reusing Microsoft Sentinel Watchlists Across Tenants

Here's a common question (just received it again today, in fact). Q: Is it possible to do cross-tenant retrieval of Watchlists? A: Retrieving Watchlist content through the API isn't available yet, and Repositories doesn't support Watchlists. So, here are a couple of things you could do: [1] Query the Watchlist and export the results to a …