MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

added documentation

pull/448/head
milkmix 2020-11-23 15:09:31 +01:00
parent 47980ef2eb
commit 6b9d30c6ce
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
documentation/logos/defender_endpoing.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 648 KiB

11
documentation/website/export_mod/defender_endpoint_export.json Normal file
View File

@ -0,0 +1,11 @@
{
"description": "Defender for Endpoint KQL hunting query export module",
"requirements": [],
"features": "This module export an event as Defender for Endpoint KQL queries that can then be used in your own python3 or Powershell tool. If you are using Microsoft Sentinel, you can directly connect your MISP instance to Sentinel and then create queries using the `ThreatIntelligenceIndicator` table to match events against imported IOC.",
"references": [
"https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference"
],
"input": "MISP Event attributes",
"output": "Defender for Endpoint KQL queries",
"logo": "defender_endpoint.png"
}