Integrating open source threat feeds with MISP and Sentinel

Ravi Teja 1 Reputation point
2022-06-06T06:01:59.317+00:00

Hi Team,

Please suggest which method is best for integrating MISP with Sentinel:

either Logic Apps or a Python script.

Please share the details step by step to understand.

Best Regards,
Ravi Teja

Tagged: Microsoft Sentinel (a scalable, cloud-native solution for security information event management and security orchestration automated response; previously known as Azure Sentinel).

1 answer

  Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2022-07-22T20:15:15.743+00:00

    Hi @Ravi Teja ,

    Microsoft does not have an official guide for integrating MISP with Sentinel, but either Logic Apps or a Python script should be fine for this. You could use Microsoft Graph to ingest the threat indicators into Sentinel and specify the attributes in the Logic App. The Microsoft Graph Security API allows you to import custom threat indicators from various sources such as IOCs received in MISP and make these IOCs available in Microsoft Sentinel and other Azure services.

    There is a LinkedIn post here where someone was able to achieve this using Logic Apps and documented the steps. https://www.linkedin.com/pulse/how-ingest-misp-iocs-azure-sentinel-using-security-arshad/

    You may also have seen this post that describes how to achieve the same using a Python script and setting up a Data Connector in Microsoft Sentinel. https://www.vanimpe.eu/2022/04/20/misp-and-microsoft-sentinel/

    While Microsoft doesn't have an official guide for integration with MISP Threat Sharing specifically, it does have examples using other data sources such as AlienVault OTX which also connects via Logic Apps.

    Let me know if there was any more specific guidance that you were looking for.

    -

    If the information provided was helpful to you, please consider marking as answer so that others in the community with similar questions can more easily find a solution.

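The Python route the answer mentions boils down to two calls: pull attributes from MISP's REST search endpoint, then submit them to the Microsoft Graph Security API as tiIndicators with `targetProduct` set to `Azure Sentinel`. The following is an added example of the translation step, not code from the answer or from either linked post. It assumes the JSON shape returned by MISP's `POST /attributes/restSearch`, the documented (beta) tiIndicator body fields, and a hypothetical 30-day indicator lifetime counted from the attribute timestamp, since MISP attributes carry no expiry of their own; the `MISP_URL`, `MISP_KEY` and `GRAPH_TOKEN` environment variables and the threatType mapping are likewise assumptions. Only `to_ids` attributes are forwarded, so analyst context that was never meant to be detected on does not become an alerting indicator in Sentinel.

```python
"""Translate MISP attributes into Microsoft Graph Security tiIndicator bodies.

Added example (not the answer's or the linked posts' code). Assumptions:
- MISP attribute dicts look like the output of POST /attributes/restSearch.
- Graph Security API beta 'tiIndicators' request body fields.
- Network access only happens in fetch_misp_attributes() / push_to_graph();
  the transformation itself runs fully offline.
"""
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape MISP returns for
# POST /attributes/restSearch {"returnFormat": "json", "to_ids": 1}.
SAMPLE_MISP_ATTRIBUTES = [
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True,
     "timestamp": "1654473600", "Tag": [{"name": "tlp:amber"}]},
    {"type": "url", "value": "http://bad.example/login", "to_ids": True,
     "timestamp": "1654473600", "Tag": [{"name": "tlp:green"}]},
    {"type": "sha256", "to_ids": True, "timestamp": "1654473600", "Tag": [],
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    # to_ids is false: context for analysts, must not become a detection indicator.
    {"type": "ip-src", "value": "198.51.100.5", "to_ids": False,
     "timestamp": "1654473600", "Tag": []},
    # No tiIndicator field for free-text comments; skipped.
    {"type": "comment", "value": "seen in campaign X", "to_ids": True,
     "timestamp": "1654473600", "Tag": []},
]

# MISP attribute type -> (tiIndicator field, fileHashType, threatType).
# threatType choices are an assumption; MISP attributes do not carry one.
TYPE_MAP = {
    "ip-dst": ("networkDestinationIPv4", None, "WatchList"),
    "ip-src": ("networkSourceIPv4", None, "WatchList"),
    "domain": ("domainName", None, "WatchList"),
    "url": ("url", None, "MaliciousUrl"),
    "md5": ("fileHashValue", "md5", "Malware"),
    "sha1": ("fileHashValue", "sha1", "Malware"),
    "sha256": ("fileHashValue", "sha256", "Malware"),
}


def tlp_from_tags(tags):
    """Map a MISP tlp:* tag to the tiIndicator tlpLevel; default to white."""
    for tag in tags:
        name = tag.get("name", "").lower()
        if name.startswith("tlp:"):
            return name.split(":", 1)[1]
    return "white"


def to_ti_indicator(attr, ttl_days=30):
    """Return a tiIndicator body for one MISP attribute, or None to skip it."""
    if not attr.get("to_ids"):
        return None
    mapping = TYPE_MAP.get(attr.get("type"))
    if mapping is None:
        return None
    field, hash_type, threat_type = mapping
    seen = datetime.fromtimestamp(int(attr["timestamp"]), tz=timezone.utc)
    body = {
        "action": "alert",                    # alert / block / allow
        "targetProduct": "Azure Sentinel",
        "threatType": threat_type,
        "tlpLevel": tlp_from_tags(attr.get("Tag", [])),
        "description": f"MISP {attr['type']} attribute",
        "expirationDateTime": (seen + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        field: attr["value"],
    }
    if hash_type:
        body["fileHashType"] = hash_type
    return body


def build_indicators(attributes, ttl_days=30):
    """Convert a list of MISP attributes, dropping anything that cannot be mapped."""
    out = [to_ti_indicator(a, ttl_days) for a in attributes]
    return [b for b in out if b is not None]


def fetch_misp_attributes(published_within="1d"):
    """Pull to_ids attributes published recently from MISP (needs MISP_URL/MISP_KEY)."""
    req = urllib.request.Request(
        os.environ["MISP_URL"].rstrip("/") + "/attributes/restSearch",
        data=json.dumps({"returnFormat": "json", "to_ids": 1,
                         "publish_timestamp": published_within}).encode(),
        headers={"Authorization": os.environ["MISP_KEY"],
                 "Accept": "application/json", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)["response"]["Attribute"]


def push_to_graph(indicators):
    """Bulk-submit indicators via the beta submitTiIndicators action (needs GRAPH_TOKEN)."""
    req = urllib.request.Request(
        "https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators",
        data=json.dumps({"value": indicators}).encode(),
        headers={"Authorization": "Bearer " + os.environ["GRAPH_TOKEN"],
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline dry run over the constructed sample; swap in fetch_misp_attributes()
    # and push_to_graph() once the environment variables are set.
    print(json.dumps(build_indicators(SAMPLE_MISP_ATTRIBUTES), indent=2))
```

Two design points worth keeping when adapting this: the expiry is derived per attribute rather than hard-coded far in the future, so stale IOCs age out of Sentinel's ThreatIntelligenceIndicator table instead of alerting forever, and the TLP level travels with each indicator so downstream sharing rules still apply. Microsoft has since announced that the Graph tiIndicators endpoint is being retired in favour of Sentinel's STIX-based upload indicators API, so check the current documentation before building a connector on it.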