mirror of https://github.com/MISP/misp-book
Add Microsoft Defender ATP to misp-book connector doc
parent
c6bfe2aaa9
commit
999787bf12
|
@ -6,6 +6,10 @@ Below you will find various tweaks and tips when integrating 3rd party connector
|
||||||
|
|
||||||
[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/)
|
[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/)
|
||||||
|
|
||||||
|
## Microsoft Defender ATP
|
||||||
|
|
||||||
|
[Microsoft Defender ATP](https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp/)
|
||||||
|
|
||||||
# MISP to Microsoft Graph Security Script
|
# MISP to Microsoft Graph Security Script
|
||||||
The script provides clients with MISP instances to migrate threat indicators to the Microsoft Graph Security API.
|
The script provides clients with MISP instances to migrate threat indicators to the Microsoft Graph Security API.
|
||||||
|
|
||||||
|
@ -66,6 +70,8 @@ Once changes are complete, save the config file.
|
||||||
## Configurations
|
## Configurations
|
||||||
### Target Product
|
### Target Product
|
||||||
`targetProduct = "Azure Sentinel"`
|
`targetProduct = "Azure Sentinel"`
|
||||||
|
**or**
|
||||||
|
`targetProduct = "Microsoft Defender ATP"`
|
||||||
|
|
||||||
### Misp Event Filter
|
### Misp Event Filter
|
||||||
Filters can be set in the config.py file under the "misp_event_filters" property
|
Filters can be set in the config.py file under the "misp_event_filters" property
|
||||||
|
@ -131,6 +137,8 @@ misp_event_filters = []
|
||||||
This gets all events.
|
This gets all events.
|
||||||
|
|
||||||
### Action
|
### Action
|
||||||
|
Possible **action** values are: `alert`, `allow`, `block`.
|
||||||
|
|
||||||
`action = "alert"` (This is default).
|
`action = "alert"` (This is default).
|
||||||
|
|
||||||
### Passive Only
|
### Passive Only
|
||||||
|
@ -147,6 +155,9 @@ Configure a sync user.
|
||||||
|
|
||||||
`misp_key = '<misp key>'`
|
`misp_key = '<misp key>'`
|
||||||
|
|
||||||
|
### Misp Domain
|
||||||
|
Misp Domain is the base URL of your MISP instance.
|
||||||
|
|
||||||
### Verify Cert
|
### Verify Cert
|
||||||
This gives you the option to choose if python should validate the certificate of the misp instance. (This allows ease within testing environments)
|
This gives you the option to choose if python should validate the certificate of the misp instance. (This allows ease within testing environments)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue