[KB8314] ESET Threat Intelligence with MS Azure Sentinel

Issue

  • Import ESET Threat Intelligence threat indicators from the TAXII server into Microsoft Azure Sentinel

Solution

Before you proceed

See the available TAXII feeds, including the TAXII server URL and TAXII Collection ID.

To find your TAXII credentials (username and password), see how to activate a TAXII feed.

  1. Log in to the Microsoft Azure portal and navigate to the Microsoft Sentinel service.

    Figure 1-1
  2. Open the workspace to which you want to import threat indicators from the TAXII server.

    Figure 1-2
  3. Click Data connectors, select Threat intelligence - TAXII, and click Open connector page.

    Figure 1-3
  4. Fill in the TAXII configuration described below, and click Add to configure your TAXII server:

    • Name: Name of the feed (for example, ETI_Botnet_feed)
    • API root URL: Copy the URL of your ESET Threat Intelligence TAXII 2.x API root (for example, https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a)
    • Collection ID: Copy your TAXII Collection ID (for example, 0abb06690b0b47e49cd7794396b76b20)
    • Username and Password: to get your credentials, activate a TAXII feed
    • Select the group of indicators from the Import indicators drop-down menu and the polling frequency from the Polling frequency drop-down menu

    Figure 1-4
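
The values from step 4 can be checked against the TAXII server before they are entered in the connector. The following Python sketch is an added example, not ESET or Microsoft code; it assumes the server speaks TAXII 2.1 and accepts HTTP Basic authentication, and all function names are hypothetical.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

# Assumption: the feed is served over TAXII 2.1 with HTTP Basic authentication.
TAXII21 = "application/taxii+json;version=2.1"

def collection_url(api_root, collection_id):
    """Build the collection endpoint from the API root URL and Collection ID fields."""
    root = api_root.strip()
    parts = urlsplit(root)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("API root URL must be an https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("API root URL must not carry a query string or fragment")
    cid = collection_id.strip()
    if not cid or any(c in cid for c in "/?# "):
        raise ValueError("Collection ID must be the bare ID, not a URL or path")
    return f"{root.rstrip('/')}/collections/{cid}/"

def build_request(api_root, collection_id, username, password):
    """Prepare the GET request without sending it."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        collection_url(api_root, collection_id),
        headers={"Accept": TAXII21, "Authorization": f"Basic {token}"},
    )

def check_collection(body, collection_id):
    """Confirm the response describes a readable collection with the expected ID."""
    info = json.loads(body)
    norm = lambda s: str(s).replace("-", "").lower()  # tolerate dashed UUID form
    if norm(info.get("id", "")) != norm(collection_id):
        raise ValueError("server returned a different collection ID")
    if not info.get("can_read"):
        raise PermissionError("this account cannot read the collection")
    return info.get("title", "")

def preflight(api_root, collection_id, username, password, timeout=15):
    """Send the request; urllib raises HTTPError on 401, 403 or 404."""
    req = build_request(api_root, collection_id, username, password)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return check_collection(resp.read().decode(), collection_id)

# Constructed sample response, shaped like a TAXII 2.1 collection resource.
SAMPLE = ('{"id": "0abb06690b0b47e49cd7794396b76b20", "title": "sample feed", '
          '"can_read": true, "can_write": false}')
```

Calling `preflight()` with your own API root URL, Collection ID, username and password returns the collection title when all four values are accepted by the server.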