| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 2.0.0 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-09-22 |
| Last Updated | 2022-09-22 |
| Solution Folder | OpenCTI |
| Marketplace | Azure Marketplace · Rating: ★★★☆☆ 3.0/5 (2 ratings) · Popularity: 🔵 Medium (78%) |
The OpenCTI solution for Microsoft Sentinel lets you ingest threat intelligence from the OpenCTI platform into Microsoft Sentinel. The solution includes a SOAR connector and playbooks that use OpenCTI indicator data both to enrich Microsoft Sentinel incidents and to add indicators back to OpenCTI.
This solution does not include data connectors.
This solution includes 4 content item(s), all of them playbooks:
| Content Type | Count |
|---|---|
| Playbooks | 4 |
| Name | Description | Tables Used |
|---|---|---|
| Create Indicator - OpenCTI | This playbook adds a new indicator in OpenCTI based on the entity info present in the Sentinel incident.... | - |
| Entity (IP, URL, FileHash, Account, Host) Enrichment - OpenCTI | This playbook searches OpenCTI for indicators based on the entities (Account, Host, IP, FileHash, U... | - |
| Read Stream- OpenCTI Indicators | This playbook fetches indicators from OpenCTI and sends them to Sentinel. Supported types are Domain, File... | - |
| Send to Security Graph API - Batch Import (OpenCTI) | This playbook sends messages to the Security Graph API in batches. | - |
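The playbooks above are Azure Logic Apps whose internals are not shown on this page. As an added example (not part of the solution and not Microsoft's or OpenCTI's own code), the Python below sketches the two data-shaping steps the "Read Stream" / "Batch Import" and "Enrichment" playbooks have to perform: turning OpenCTI STIX indicator patterns into Microsoft Graph `tiIndicator` payloads split into `submitTiIndicators`-sized batches, and matching incident entities against the indicator set. The Graph field names, the 100-indicators-per-request limit, the `x_opencti_score` confidence mapping and the sample indicators are all assumptions or constructed data, not taken from this page; the pattern parser deliberately handles only the single-comparison form and reports anything else as skipped rather than silently dropping it.

```python
"""Added example: OpenCTI STIX indicators -> Graph tiIndicator batches, plus
entity enrichment lookup. Field names and limits are assumptions; sample data
is constructed."""
import re
from datetime import datetime, timedelta, timezone

# (STIX object type, property) -> Graph tiIndicator observable field.
# Field names are assumed from the Graph beta tiIndicator resource.
STIX_TO_GRAPH = {
    ("ipv4-addr", "value"): "networkDestinationIPv4",
    ("domain-name", "value"): "domainName",
    ("url", "value"): "url",
    ("file", "hashes.SHA-256"): "fileHashValue",
    ("file", "hashes.SHA-1"): "fileHashValue",
    ("file", "hashes.MD5"): "fileHashValue",
}
HASH_TYPE = {"hashes.SHA-256": "sha256", "hashes.SHA-1": "sha1", "hashes.MD5": "md5"}

# Only the single-comparison form "[type:prop = 'value']" is handled.
_SIMPLE_PATTERN = re.compile(
    r"^\[\s*([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'\s*\]$"
)


def parse_simple_pattern(pattern: str):
    """Return (stix_type, property, value); raise ValueError for anything else
    (OR/AND/FOLLOWEDBY patterns, unquoted values, multiple observables)."""
    m = _SIMPLE_PATTERN.match(pattern.strip())
    if not m:
        raise ValueError(f"unsupported STIX pattern: {pattern!r}")
    stix_type, prop, value = m.groups()
    return stix_type, prop.replace("'", ""), value


def to_graph_indicator(ind: dict, ttl_days: int = 30) -> dict:
    """Build one Graph tiIndicator payload from an OpenCTI indicator dict.
    Required-field set (action, description, expirationDateTime, targetProduct,
    threatType, tlpLevel + one observable) is an assumption about the API."""
    stix_type, prop, value = parse_simple_pattern(ind["pattern"])
    field = STIX_TO_GRAPH.get((stix_type, prop))
    if field is None:
        raise ValueError(f"no Graph mapping for {stix_type}:{prop}")
    expires = datetime.now(timezone.utc) + timedelta(days=ttl_days)
    payload = {
        "action": "alert",
        "targetProduct": "Azure Sentinel",
        "threatType": "WatchList",
        "tlpLevel": "amber",
        # OpenCTI scores indicators 0-100; reuse it as Graph confidence (assumed mapping).
        "confidence": int(ind.get("x_opencti_score", 50)),
        "description": ind.get("description") or ind.get("name", ""),
        "externalId": ind["id"],
        "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        field: value,
    }
    if field == "fileHashValue":
        payload["fileHashType"] = HASH_TYPE[prop]
    return payload


def build_batches(indicators, batch_size: int = 100):
    """Convert indicators and split them into submitTiIndicators request bodies
    ({"value": [...]}, assumed shape; 100 per request is an assumed limit).
    Returns (batches, skipped) so unmapped patterns are visible to the operator."""
    converted, skipped = [], []
    for ind in indicators:
        try:
            converted.append(to_graph_indicator(ind))
        except ValueError as exc:
            skipped.append((ind["id"], str(exc)))
    batches = [{"value": converted[i:i + batch_size]}
               for i in range(0, len(converted), batch_size)]
    return batches, skipped


def observable_index(indicators) -> dict:
    """Map lower-cased observable value -> OpenCTI indicator id for enrichment."""
    index = {}
    for ind in indicators:
        try:
            _, _, value = parse_simple_pattern(ind["pattern"])
        except ValueError:
            continue
        index[value.lower()] = ind["id"]
    return index


def enrich_entities(entities, index: dict):
    """Return (entity value, indicator id) for incident entities known to OpenCTI."""
    return [(e["value"], index[e["value"].lower()])
            for e in entities if e["value"].lower() in index]


# Constructed sample indicators (documentation IP ranges and a reserved TLD).
SAMPLE_INDICATORS = [
    {"id": "indicator--0001", "name": "C2 host", "x_opencti_score": 80,
     "pattern": "[ipv4-addr:value = '203.0.113.10']"},
    {"id": "indicator--0002", "name": "Phishing domain", "x_opencti_score": 60,
     "pattern": "[domain-name:value = 'login-example.test']"},
    {"id": "indicator--0003", "name": "Dropper", "x_opencti_score": 90,
     "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"},
    {"id": "indicator--0004", "name": "Compound pattern", "x_opencti_score": 70,
     "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']"},
]

if __name__ == "__main__":
    batches, skipped = build_batches(SAMPLE_INDICATORS, batch_size=2)
    print(len(batches), "batches;", "skipped:", skipped)
    idx = observable_index(SAMPLE_INDICATORS)
    print(enrich_entities([{"type": "ip", "value": "203.0.113.10"},
                           {"type": "host", "value": "pc01"}], idx))
```

The skipped list is the important output: a compound STIX pattern cannot be expressed as one Graph observable, so a real playbook should surface those rather than import a silently truncated indicator.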