Apr 17 2020
- last edited on
Dec 23 2021
I'm leading a CSSP using Sentinel as the SIEM for our clients. We would like to know how much of the "Threat intelligence - TAXII (Preview)" and the "Threat Intelligence Platforms (Preview)" connectors are expected change. We want to deploy it in a couple of clients BUT they are reluctant because of the 'Preview' label attached to it. Is there anyone that I can talk to understand developments of those connectors? We don't want to deploy dozens of use cases and then everything crashes out of sudden. How advisable is to deploy those connectors in production? Thanks in advance for your answer.
Apr 19 2020 01:14 PMSolution
@Jason Wescott provided the followingn guidance on another thread:
We intend to bring both of these to GA this year. Be assured that the schema will not be breaking. We may add properties, but will not be deprecating any properties or changing enums so any code you write against the API today will continue to work as we move to GA. We are also supporting the existing /beta endpoint at production level of support as we are with the Threat Intelligence - Platforms data connector in Azure Sentinel.