Building your Custom TI Feed and MISP integration with KQL queries and Logic Apps
Many organizations rely on multiple threat intelligence sources to detect indicators of compromise (IOCs) such as URLs, domains, and file hashes. Reacting to possible threats is important, but these IOCs may not be relevant to your specific environment, and ingesting all of them leads to information overload.
This session explores how to use Microsoft Defender XDR/Sentinel together with MISP to create a customized threat intelligence feed based on the actual threats and attacks observed in your environment. By using Kusto Query Language (KQL) and Logic Apps, you can automate the collection and classification of IOCs, ensuring that your threat intelligence is both relevant and actionable.
Learn how to transform your security operations by integrating these tools, enabling proactive defense mechanisms tailored to your organization's unique threat landscape.
- Understand the limitations of generic threat intelligence feeds and the importance of contextual relevance.
- Discover how to extract meaningful IOCs using KQL.
- Learn to automate the ingestion and classification of IOCs into MISP via Logic Apps.
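As an illustration of the first two points, the following KQL query is an added example, not material from the session or the speaker: it pulls the URLs, IPs and file hashes that Defender XDR alerts actually flagged in a tenant over the last week, so the resulting feed is built from observed activity rather than a generic vendor list. It assumes the Advanced Hunting `AlertEvidence` table and its documented columns; the time window, severity filter and the MISP attribute-type mapping are my own choices.

```kql
// Added example: IOCs taken from alerts raised in this environment (last 7 days).
// Assumes the Advanced Hunting AlertEvidence table; thresholds and labels are assumptions.
AlertEvidence
| where Timestamp > ago(7d)
| where EntityType in ("Url", "Ip", "File")
| where Severity in ("Medium", "High")
// Pick the indicator value that matches the evidence type.
| extend Indicator = case(
    EntityType == "Url",  RemoteUrl,
    EntityType == "Ip",   RemoteIP,
    EntityType == "File", SHA256,
    "")
| where isnotempty(Indicator)
// One row per indicator, with how often and when it was seen, plus sample alert titles.
| summarize AlertCount = dcount(AlertId),
            FirstSeen  = min(Timestamp),
            LastSeen   = max(Timestamp),
            Titles     = make_set(Title, 5)
        by EntityType, Indicator, ThreatFamily
// Map to the MISP attribute type the Logic App will use when creating the event.
| extend MispType = case(
    EntityType == "Url",  "url",
    EntityType == "Ip",   "ip-dst",
    "sha256")
| order by AlertCount desc
```

The `MispType` column is what a Logic App step would carry into the MISP event attributes; filtering on `AlertCount` or `LastSeen` before export keeps one-off, low-confidence hits out of the feed.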

Sergio Albea
👮🏻‍♂️ Cloud Security Expert/Architect addicted to Threat Hunting 🕵🏻‍♂️
Lausanne, Switzerland