
Recently, Microsoft released an open source set of malicious file hash indicators identified as using COVID-19 themed malicious email attachments in attempted attacks against our customers. Office365 successfully blocked these attempts, but the indicators can be consumed and used by customers to further protect themselves. The feed of indicators is provided as a data file on GitHub which can be consumed using MISP.

The COVID-specific threat intelligence feed represents a start at sharing some of Microsoft’s COVID-related IOCs. We are maintaining this feed through the peak of the outbreak to help organizations focus on recovery. While some threats and actors are still best defended more discreetly, we are committed to greater transparency and to taking community feedback on what types of information are most useful to defenders in protecting against COVID-related threats. We will continue to explore ways to improve the data over the duration of the crisis. If you have questions or feedback on this COVID-19 feed, please email

To integrate this feed with your MISP server you will need to use the following URL:

In this blog post I will show Azure Sentinel customers how to set up a MISP server that can receive any public feeds, including these COVID-19 indicators, and import the data into your Azure Sentinel environment. Haim Goldshtein has already written a blog post on doing this. It is also possible to use this code to import MISP data into Microsoft Defender ATP as well.

The Docker project has already published comprehensive documentation on setting up the most recent version of Docker for your distribution of choice. For this blog I used the Ubuntu instructions. Instructions here have been tested on Ubuntu 18.04 but should be applicable to many other distributions – even WSL.
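The feed is consumed by MISP as MISP-format event JSON, and before pushing file hash indicators into Sentinel it is worth filtering and validating them rather than forwarding every attribute blindly. The following script is an added example, not code from Microsoft, the Azure Sentinel project, or the MISP2Sentinel integration; it assumes only the standard MISP event JSON layout (`Event` → `Attribute` with `type`, `value`, `to_ids`), the sample event and its hash values are constructed placeholders, and the helper name `extract_file_hashes` is hypothetical.

```python
import json
import re

# Constructed sample in the MISP event JSON shape that a MISP feed exposes per
# event. Every hash value below is a synthetic placeholder, not a real
# indicator from the Microsoft COVID-19 feed.
SAMPLE_EVENT = json.dumps({
    "Event": {
        "uuid": "00000000-0000-4000-8000-000000000001",
        "info": "COVID-19 themed attachment (constructed example)",
        "Attribute": [
            {"type": "sha256", "category": "Payload delivery", "to_ids": True,
             "value": "a" * 64},
            {"type": "md5", "category": "Payload delivery", "to_ids": True,
             "value": "B" * 32},                      # upper-case hex is normalised
            {"type": "filename|sha1", "category": "Payload delivery", "to_ids": True,
             "value": "invoice.doc|" + "c" * 40},     # composite type: take the hash half
            {"type": "comment", "category": "Other", "to_ids": False,
             "value": "analyst note, not an indicator"},
            {"type": "sha256", "category": "Payload delivery", "to_ids": False,
             "value": "d" * 64},                      # to_ids false: not meant for detection
            {"type": "sha256", "category": "Payload delivery", "to_ids": True,
             "value": "not-a-hash"},                  # malformed value: must be rejected
        ],
    }
})

# Expected hex length per hash algorithm; anything else is treated as malformed.
HASH_PATTERNS = {
    "md5": re.compile(r"^[0-9a-f]{32}$"),
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}


def extract_file_hashes(event_json: str):
    """Return [(algorithm, hash, event_uuid)] for detection-grade file hashes.

    Only attributes flagged to_ids are kept (MISP's marker for "use this for
    detection"); composite 'filename|hash' types are split so the hash half is
    used; values are lower-cased and rejected if they are not valid hex of the
    right length, so a broken feed line cannot poison the Sentinel watchlist.
    """
    event = json.loads(event_json)["Event"]
    uuid = event["uuid"]
    hashes = []
    for attr in event.get("Attribute", []):
        if not attr.get("to_ids"):
            continue
        atype = attr["type"]
        value = attr["value"]
        if "|" in atype:
            # composite type such as filename|sha1: the hash is the last segment
            atype = atype.split("|", 1)[1]
            value = value.rsplit("|", 1)[1]
        pattern = HASH_PATTERNS.get(atype)
        if pattern is None:
            continue  # not a file hash attribute (domain, comment, ...)
        value = value.strip().lower()
        if not pattern.match(value):
            continue  # malformed hash, skip rather than forward
        hashes.append((atype, value, uuid))
    return hashes


if __name__ == "__main__":
    for algo, digest, src in extract_file_hashes(SAMPLE_EVENT):
        print(f"{algo}\t{digest}\t{src}")
```

The `to_ids` filter matters in practice: MISP events routinely carry context attributes (comments, sample names, hashes kept for reference only) that would generate noise if every value were promoted to a Sentinel indicator.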
