Solution: ThreatConnect
| Attribute | Value |
|---|---|
| Publisher | ThreatConnect, Inc. |
| Support Tier | Partner |
| Support Link | https://threatconnect.com/contact/ |
| Categories | domains |
| Version | 3.0.1 |
| Author | JP Bourget jp@bluecycle.net |
| First Published | 2023-09-11 |
| Last Updated | 2023-09-11 |
| Solution Folder | ThreatConnect |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (6%) |
The ThreatConnect Threat Intelligence Platform solution for Microsoft Sentinel provides Workbooks and Analytics to demonstrate the value of ThreatConnect data inside Microsoft Sentinel.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution queries 3 table(s) from its content items:
| Table | Used By Content |
|---|---|
| DnsEvents | Analytics |
| OfficeActivity | Analytics |
| ThreatIntelligenceIndicator | Analytics |
The following 3 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
| SecurityAlert | Workbooks |
| SecurityIncident | Workbooks |
| ThreatIntelIndicators | Workbooks |
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 5 |
| Workbooks | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Threat Connect TI map Domain entity to DnsEvents | Medium | CommandAndControl | DnsEvents, ThreatIntelligenceIndicator |
| ThreatConnect TI Map URL Entity to OfficeActivity Data | Medium | CommandAndControl | OfficeActivity, ThreatIntelligenceIndicator |
| ThreatConnect TI map Email entity to OfficeActivity | Medium | CommandAndControl | OfficeActivity, ThreatIntelligenceIndicator |
| ThreatConnect TI map Email entity to SigninLogs | Medium | CommandAndControl | ThreatIntelligenceIndicator |
| ThreatConnect TI map IP entity to Network Session Events (ASIM Network Session schema) | Medium | CommandAndControl | ThreatIntelligenceIndicator |
| Name | Tables Used |
|---|---|
| ThreatConnectOverview | Internal use: SecurityAlert, SecurityIncident, ThreatIntelIndicators |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 02-07-2025 | Updated ThreatConnect Workbook to ThreatIntelIndicators table references. |
| 3.0.1 | 10-06-2024 | Added missing AMA Data Connector reference in Analytic rules |
| 3.0.0 | 12-10-2023 | Initial Solution Release. |