[KB8314] ESET Threat Intelligence with MS Azure Sentinel

Issue

  • Import ESET Threat Intelligence threat indicators from the TAXII server in the Microsoft Azure Sentinel

Solution

  1. Log in to the Microsoft Azure portal and navigate to the Microsoft Sentinel service.

    Figure 1-1
  2. Open the workspace to which you want to import threat indicators from the TAXII server.

    Figure 1-2
  3. Click Data connectors, type Taxi into the filter, and select Threat Intelligence - TAXII. Click Open connector page.

    Figure 1-3
  4. Fill in the information to the Friendly name, ETI API Root URL, Collection ID, Username, and Password field. Select the group of indicators from the Import Indicators drop-down menu and the polling frequency from the Polling Frequency drop-down menu. Click Add.

    Figure 1-4