From the course: Implementing and Administering Microsoft Sentinel
Integrating threat intelligence
Next, we're going to talk through how we integrate threat intelligence into our Microsoft Sentinel instance. And there are a few key activities you'll want to be familiar with. And it begins with importing threat intelligence into Microsoft Sentinel by enabling data connectors to various threat intelligence platforms and feeds. We can then interact with that threat intelligence data in the logs and threat intelligence blades of our Microsoft Sentinel interface. We can detect threats and generate security alerts and incidents using built-in analytics rule templates based on our imported threat intelligence data. So the Sentinel schema understands that threat intelligence data; it's built in, so we can enrich our visibility. And you can visualize key information about your imported threat intelligence with the Threat Intelligence Workbook. Now, before we get into the technical details, I'd like to level set on three definitions. We'll begin with Indicators of Compromise or IOC: The most…