From 999787bf121ac529ca06c342e8c4e852642aa64d Mon Sep 17 00:00:00 2001 From: chinguyen1 Date: Mon, 30 Dec 2019 12:17:22 -0800 Subject: [PATCH] Add Microsoft Defender ATP to misp-book connector doc --- connectors/README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/connectors/README.md b/connectors/README.md index 3312bdc..643293a 100644 --- a/connectors/README.md +++ b/connectors/README.md @@ -2,10 +2,14 @@ Below you will find various tweaks and tips when integrating 3rd party connectors. -## Microsoft Azure Sentinel +## Microsoft Azure Sentinel [Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/) +## Microsoft Defender ATP + +[Microsoft Defender ATP](https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp/) + # MISP to Microsoft Graph Security Script The script provides clients with MISP instances to migrate threat indicators to the Microsoft Graph Security API. @@ -66,6 +70,8 @@ Once changes are complete, save the config file. ## Configurations ### Target Product `targetProduct = "Azure Sentinel"` +**or** +`targetProduct = "Microsoft Defender ATP"` ### Misp Event Filter Filters can be set in the config.py file under the "misp_event_filters" property @@ -131,6 +137,8 @@ misp_event_filters = [] This gets all events. ### Action +Possible **action** values are: `alert`, `allow`, `block`. + `action = "alert"` (This is default). ### Passive Only @@ -147,6 +155,9 @@ Configure a sync user. `misp_key = ''` +### Misp Domain +Misp Domain is the base URL of your MISP instance. + ### Verify Cert This gives you the option to choose if python should validate the certificate of the misp instance. (This allows ease within testing environments)
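Review bot: in the first hunk (`@@ -2,10 +2,14 @@`) the `## Microsoft Azure Sentinel` heading is removed and re-added with no visible difference, which looks like a trailing-whitespace change; if that is intended, mention it in the commit message, otherwise drop it so the diff only shows the new section. The new `## Microsoft Defender ATP` section also contains nothing but the product link, while the file opens with "various tweaks and tips when integrating 3rd party connectors"; add at least a sentence on what is Defender ATP-specific (or a pointer to the `targetProduct` setting below) so the section is not empty.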
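Review bot: in the `### Target Product` hunk (`@@ -66,6 +70,8 @@`) the value strings are what the script sends as `targetProduct`, so state that the value must match exactly (including case and spacing) and prefer a list over a bare `**or**` line between two inline-code lines, e.g. `- `targetProduct = "Azure Sentinel"`` / `- `targetProduct = "Microsoft Defender ATP"``, which renders more clearly and is easier to extend when further products are added.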
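Review bot: in the `### Action` hunk (`@@ -131,6 +137,8 @@`) the new line lists `alert`, `allow`, `block` but, now that the document covers two target products, does not say whether each product honours all three values or what `allow`/`block` do for the indicators; document that per product (or state that the behaviour is identical) so a user switching `targetProduct` knows what to expect.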
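Review bot: in the `### Misp Domain` hunk (`@@ -147,6 +155,9 @@`) the section only describes the setting and, unlike the neighbouring `misp_key = ''` line, shows no config line; add the corresponding config key with an example value and say whether the scheme and a trailing slash are expected (e.g. `https://misp.example.com` versus `https://misp.example.com/`), since a wrong base URL is the first thing that breaks the sync.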