Are you still experiencing issues?
Regards
Bill
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello Community,
I have a Microsoft Sentinel system with about 30K of TI indicators, that were ingested from Alien Vault using this playbook: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Get-AlienVault_OTX.
Now I would like to get a list of all indicators using Graph API. I tried to do it using Graph Explorer with the following query: GET https://graph.microsoft.com/beta/security/tiIndicators
And I got the following response:
After that, I tried to add a new indicator using Graph API: POST https://graph.microsoft.com/beta/security/tiIndicators and a request body from this example: https://learn.microsoft.com/en-us/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http
Then I did the first step of getting the list of existing indicators and I did see the indicator that was added manually. I went to Sentinel TI to check whether I see this manually added indicator or not there and I did see it.
So my question is the following: Has anyone tried GraphAPI for TI indicators? What am I missing? Why don't I see all my indicators?
It is in beta now, but It seems weird that the GET request shows nothing.