Add Microsoft Defender ATP to misp-book connector doc

pull/183/head
chinguyen1 2019-12-30 12:17:22 -08:00
parent c6bfe2aaa9
commit 999787bf12
1 changed files with 12 additions and 1 deletions

@ -2,10 +2,14 @@
Below you will find various tweaks and tips when integrating 3rd party connectors.
## Microsoft Azure Sentinel
## Microsoft Azure Sentinel
[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/)
## Microsoft Defender ATP
[Microsoft Defender ATP](https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp/)
# MISP to Microsoft Graph Security Script
The script provides clients with MISP instances to migrate threat indicators to the Microsoft Graph Security API.
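Review bot: the new `## Microsoft Defender ATP` section holds only a product link, and both product sections are H2 headings placed above the H1 `# MISP to Microsoft Graph Security Script`, so the structure does not tell a reader that the script below serves both products. Suggest one sentence under the new heading saying that the script pushes MISP indicators to Defender ATP when `targetProduct` is set for it, and a check of the heading levels. The `## Microsoft Azure Sentinel` line also appears twice in this hunk; if that is a whitespace-only change, confirm it was intended.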
@ -66,6 +70,8 @@ Once changes are complete, save the config file.
## Configurations
### Target Product
`targetProduct = "Azure Sentinel"`
**or**
`targetProduct = "Microsoft Defender ATP"`
### Misp Event Filter
Filters can be set in the config.py file under the "misp_event_filters" property
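Review bot: the two `targetProduct` values under `### Target Product` are joined by a bare `**or**`, with no statement of which one is the default or whether one run of the script can feed both products. Suggest the form the Action section uses (a "Possible values are" line followed by the default), and a note on whether the string has to match exactly.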
@ -131,6 +137,8 @@ misp_event_filters = []
This gets all events.
### Action
Possible **action** values are: `alert`, `allow`, `block`.
`action = "alert"` (This is default).
### Passive Only
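Review bot: the `Possible **action** values` line names `alert`, `allow` and `block` but does not say what each one does to a matching indicator, or whether all three apply to both target products. A reader choosing between a value that notifies and one that enforces needs that spelled out, so a one-line description per value would help. Minor: "(This is default)" reads better as "(default)".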
@ -147,6 +155,9 @@ Configure a sync user.
`misp_key = '<misp key>'`
### Misp Domain
Misp Domain is the base URL of your MISP instance.
### Verify Cert
This gives you the option to choose if python should validate the certificate of the misp instance. (This allows ease within testing environments)
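Review bot: the `### Misp Domain` section gives no config line, unlike `misp_key = '<misp key>'` just above it, so the reader learns neither the setting's name nor whether the value includes the scheme. Suggest adding the setting in the same placeholder form with an example base URL. The Verify Cert text that follows has the same gap: it should show the setting, state its default, and say that turning validation off is for test instances only.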