import txt files into threat intelligence for Azure Sentinel


Hi All,

We have our own threat intel that we use for various solutions and we retrieve this via a URL with an HTTP GET request. I would like to configure Azure Sentinel to pull this .txt file every few hours and import this in the threat intel table.

We don't have TAXII STIX or a threat intel platform and we have limited rights to the server with the threat intel. Is it possible to schedule an import of the txt file?

I was trying to create a Logic App and this was easy for the HTTP get request. But I have no idea how to get the .txt file into the threat intel table.

2 Replies

@Marc_Schmitz I would say the best way is to write to the Azure Security Graph using the new Microsoft Graph Security action (currently in preview)
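As an added example (not code from this thread or from Microsoft), here is one way to turn the downloaded .txt body into indicator records before a Logic App or script submits them. It assumes the feed has one indicator per line with `#` comment lines, uses field names from the Microsoft Graph Security tiIndicator resource, and the `action`, `threatType`, `tlpLevel`, description and 30-day expiry values are assumed defaults; the submission step itself is not shown.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed sample feed; one indicator per line is an assumption about the .txt format.
SAMPLE_FEED = """# internal feed (constructed)
203.0.113.10
10.0.0.5
bad-domain.example
https://bad-domain.example/login#top
0123456789ABCDEF0123456789ABCDEF
not an indicator
203.0.113.10
"""
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(value):
    """Map one entry to observable fields; None rejects it (internal IPs would match normal traffic)."""
    try:
        ip = ipaddress.ip_address(value)
        internal = ip.is_loopback or ip.is_link_local or any(ip in n for n in INTERNAL)
        return None if internal else {"networkIPv4" if ip.version == 4 else "networkIPv6": str(ip)}
    except ValueError:
        pass  # not an IP address, try the other indicator kinds
    if len(value) in HASH_TYPES and re.fullmatch(r"[0-9a-fA-F]+", value):
        return {"fileHashType": HASH_TYPES[len(value)], "fileHashValue": value.lower()}
    if value.lower().startswith(("http://", "https://")):
        return {"url": value}
    return {"domainName": value.lower()} if DOMAIN_RE.match(value.lower()) else None

def feed_to_indicators(text, now=None, days_valid=30):
    """Return (indicators, rejected_lines); duplicates and '#' comment lines are skipped."""
    expires = (now or datetime.now(timezone.utc)) + timedelta(days=days_valid)
    common = {"action": "alert", "targetProduct": "Azure Sentinel", "threatType": "WatchList",
              "tlpLevel": "amber", "description": "Imported from internal txt feed",  # assumed defaults
              "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%SZ")}
    indicators, rejected, seen = [], [], set()
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or line in seen:
            continue
        seen.add(line)
        observable = classify(line)
        if observable is None:
            rejected.append(line)  # keep for review instead of silently dropping
        else:
            indicators.append({**common, **observable})
    return indicators, rejected
```

Logging the rejected lines on each scheduled run makes feed formatting problems visible before they turn into missing or noisy indicators.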

Thank you. I will look into this.