Adding TI in Bulk to Microsoft Sentinel in Public Preview

Today the ability to upload new Threat Intelligence (indicators) is available in Public Preview.

A new Import tab in the Threat Intelligence blade of the Microsoft Sentinel console allows you to import from a flat file (csv or JSON) and also manage existing imports.

Import TI

The Docs are already available: Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file

=========================

[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Weekly Microsoft Defender Newsletter]

[Learn KQL with the Must Learn KQL series and book]

Author