question

mikhailf avatar image
0 Votes"
mikhailf asked rubeste commented

Get list of all tiIndicators using Graph API

Hello Community,

I have a Microsoft Sentinel system with about 30K of TI indicators, that were ingested from Alien Vault using this playbook: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Get-AlienVault_OTX.

Now I would like to get a list of all indicators using Graph API. I tried to do it using Graph Explorer with the following query: GET https://graph.microsoft.com/beta/security/tiIndicators

And I got the following response:
212450-1.png


After that, I tried to add a new indicator using Graph API: POST https://graph.microsoft.com/beta/security/tiIndicators and a request body from this example: https://docs.microsoft.com/en-us/graph/api/tiindicators-post?view=graph-rest-beta&tabs=http

Then I did the first step of getting the list of existing indicators and I did see the indicator that was added manually. I went to Sentinel TI to check whether I see this manually added indicator or not there and I did see it.

So my question is the following: Has anyone tried GraphAPI for TI indicators? What am I missing? Why don't I see all my indicators?

It is in beta now, but It seems weird that the GET request shows nothing.


microsoft-sentinelmicrosoft-graph-security
1.png (13.7 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@mikhailf Apologies for the delayed response on this post.

Just wanted to check were you able to resolve your issue or you need any assistance on the same.

0 Votes 0 ·

I have also a similar issue. However, I found a workaround via the Log Analytics API. You can find my question on StackOverflow here.


0 Votes 0 ·

0 Answers