Microsoft (Azure) Sentinel Integration using a CSV File#

Below you will find a guide on how to connect PrecisionSec Threat Intelligence indicators to your Microsoft (Azure) Sentinel Threat Intelligence blade.

Attention

Credentials are required to access this data. If you have not yet received evaluation credentials, please request access.

  1. Download the following files to your desktop or other local location from our secure server using the credentials you were provided:

    1. https://trial.precisionsec.com/sentinel/network_indicators.csv

    2. https://trial.precisionsec.com/sentinel/file_indicators.csv

  2. From the Azure portal, go to Microsoft Sentinel.

  3. Select the workspace you want to import threat indicators into.

  4. Navigate to the Threat Intelligence blade under the Threat Management heading.

_images/Microsoft_Azure_Sentinel_import_using_file.png

  1. Select Import > Import using a file (Preview).

_images/Microsoft_Azure_Sentinel_import_CSV.png

  1. Choose CSV from the File Format drop down menu.

  2. For the Indicator Type dropdown, select the “File indicators” for the file_indicators.csv, or “All other indicator types” for network_indicators.csv.

  3. Drag or Browse to the corresponding CSV file you downloaded in Step 1.

  4. In the Source field, enter “PrecisionSec”.

  5. Under If there are invalid indicators, leave the default “Import the valid indicators”.

  6. Click the Import button.

    1. You will see a confirmation dialog that the indicators are being uploaded. Shortly after that the indicators should appear in the Threat Intelligence blade in Sentinel.