Do not use. Temporarily not operational.
Learning Path 6 - Lab 1 - Exercise 4 - Connect Threat intelligence to Microsoft Sentinel using data connectors
Lab scenario
You are a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You must learn how to connect log data from the many data sources in your organization. Finally, you connect a threat intelligence feed to enhance your ability to detect and prioritize known threats.
Task 1: Connect Threat intelligence
In this task, you will connect a Threat intelligence provider with the Threat intelligence - TAXII connector.
- Log in to the WIN1 virtual machine as Admin with the password: Pa55w.rd.
- In the Edge browser, navigate to the Azure portal at https://portal.azure.com.
- In the Sign in dialog box, copy and paste in the Tenant Email account provided by your lab hosting provider and then select Next.
- In the Enter password dialog box, copy and paste in the Tenant Password provided by your lab hosting provider and then select Sign in.
- In the Search bar of the Azure portal, type Sentinel, then select Microsoft Sentinel.
- Select the Microsoft Sentinel workspace you created earlier.
- From the Data Connectors tab, search for the Threat intelligence - TAXII connector.
- Select Open connector page on the connector information blade.
- Under the Configuration area, in the Friendly name (for server) field, enter PhishURLs.
- For the API root URL, enter https://limo.anomali.com/api/v1/taxii2/feeds/
- Enter 107 for the Collection ID.
- Enter guest for the username.
- Enter guest for the password.
- Select the Add button. Phishing URLs will be pulled and will populate the ThreatIntelligenceIndicator table.
Note: If you want to add another collection, open https://limo.anomali.com/api/v1/taxii2/feeds/collections/ in the Edge Browser, and use the guest username and password to review the different IDs available.
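The connector fields above map directly onto TAXII 2.0 requests. The following Python sketch is an added example, not part of the original lab or of Microsoft's connector code: it shows how a TAXII 2.0 client, following the TAXII 2.0 specification, would pick readable collection IDs from a collections response and build the polling request from the API root, collection ID, and credentials. The sample response, its titles, and the IDs 900 and 901 are constructed for illustration; the function names are hypothetical.

```python
import base64
import json

# Constructed sample of a TAXII 2.0 collections response (not real feed data).
SAMPLE_COLLECTIONS = json.dumps({
    "collections": [
        {"id": "107", "title": "Constructed phishing URL feed",
         "can_read": True, "can_write": False},
        {"id": "900", "title": "Constructed write-only inbox",
         "can_read": False, "can_write": True},
        {"id": "901", "title": "Constructed malware domain feed",
         "can_read": True, "can_write": False},
    ]
})


def readable_collections(body):
    """Return (id, title) for every collection this account may poll."""
    doc = json.loads(body)
    result = []
    for coll in doc.get("collections", []):
        # A connector can only pull from collections flagged can_read;
        # a missing flag is treated as not readable.
        if coll.get("can_read") is True and "id" in coll:
            result.append((str(coll["id"]), coll.get("title", "")))
    return result


def objects_request(api_root, collection_id, username, password):
    """Build the URL and headers used to poll one collection's objects."""
    root = api_root if api_root.endswith("/") else api_root + "/"
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {
        # TAXII 2.0 returns collection objects as a STIX 2.0 bundle.
        "Accept": "application/vnd.oasis.stix+json; version=2.0",
        # HTTP Basic: only send this over HTTPS.
        "Authorization": "Basic " + token,
    }
    return f"{root}collections/{collection_id}/objects/", headers


if __name__ == "__main__":
    for cid, title in readable_collections(SAMPLE_COLLECTIONS):
        print(cid, title)
    print(objects_request("https://limo.anomali.com/api/v1/taxii2/feeds/",
                          "107", "guest", "guest")[0])
```

Because the credentials travel as HTTP Basic authentication, the API root should always be an https:// URL, as it is in this lab.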