Building your Custom TI Feed and MISP integration with KQL queries and Logic Apps
Nowadays, organisations often rely on multiple threat intelligence feeds to detect indicators of compromise (IOCs) such as URLs, domains, and file hashes. However, subscribing to a feed does not mean its content is relevant to a specific environment or sector; the usual result is an overload of worthless indicators.
This session explores how to evaluate the quality of TI feeds, how to integrate threats and attacks observed in Microsoft Defender XDR/Sentinel into MISP (Malware Information Sharing Platform), and how to create a custom threat intelligence repository. By using Kusto Query Language (KQL) and Logic Apps, you can automate the collection and classification of IOCs, ensuring that your threat intelligence is relevant to your organisation and/or sector.
Learn how to transform your security operations by integrating these tools, enabling proactive defense mechanisms tailored to your organization's unique threat landscape.
- Understand the limitations of generic threat intelligence feeds and the importance of contextual relevance.
- Discover how to extract meaningful IOCs using KQL.
- Learn to automate the ingestion and classification of IOCs into MISP via Logic Apps.
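The classification and ingestion steps above can be sketched end to end in a small script. The following is an added example, not code from the session or from MISP itself: it takes rows shaped like the output of a KQL query over alert evidence (the sample rows are constructed), classifies each indicator into a MISP attribute type, deduplicates and filters by severity, and emits the JSON body that a Logic App HTTP action would POST to a MISP instance's `/events/add` endpoint. The column names (`Indicator`, `AlertName`, `Severity`) and the severity threshold are assumptions; the MISP attribute types, categories and event fields are the platform's real ones.

```python
"""
Classify IOCs returned by a Sentinel/Defender KQL query and shape them into a
MISP event payload (the body a Logic App would POST to /events/add).
Added example; the sample rows are constructed, not real alert data.
"""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed rows mimicking the columns an evidence query might return
# (column names are an assumption of this example).
SAMPLE_ROWS = [
    {"Indicator": "203.0.113.45", "AlertName": "Suspicious outbound connection", "Severity": "High"},
    {"Indicator": "http://bad.example.net/login.php", "AlertName": "Phishing URL clicked", "Severity": "Medium"},
    {"Indicator": "bad.example.net", "AlertName": "Phishing URL clicked", "Severity": "Medium"},
    {"Indicator": "d41d8cd98f00b204e9800998ecf8427e", "AlertName": "Malware detected", "Severity": "High"},
    {"Indicator": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "AlertName": "Malware detected", "Severity": "High"},
    {"Indicator": "203.0.113.45", "AlertName": "Suspicious outbound connection", "Severity": "High"},  # duplicate
    {"Indicator": "not an indicator", "AlertName": "Noise", "Severity": "Low"},
]

HEX = re.compile(r"^[0-9a-fA-F]+$")
DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def classify(value: str):
    """Return (misp_type, misp_category) for a raw indicator, or None if unrecognised."""
    v = value.strip()
    if HEX.match(v):
        # Hash length decides the MISP type; other hex strings are rejected.
        hash_type = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(v))
        return (hash_type, "Payload delivery") if hash_type else None
    try:
        ipaddress.ip_address(v)
        return ("ip-dst", "Network activity")
    except ValueError:
        pass
    if "://" in v:
        parsed = urlparse(v)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            return ("url", "Network activity")
        return None
    if DOMAIN.match(v):
        return ("domain", "Network activity")
    return None


def build_misp_event(rows, info="IOCs observed in Sentinel", severity_floor="Medium"):
    """Filter by severity, drop unrecognised values, dedupe, and return a MISP event body."""
    rank = {"Low": 1, "Medium": 2, "High": 3}
    seen = set()
    attributes = []
    for row in rows:
        if rank.get(row["Severity"], 0) < rank[severity_floor]:
            continue
        kind = classify(row["Indicator"])
        if kind is None:
            continue
        misp_type, category = kind
        key = (misp_type, row["Indicator"].strip().lower())
        if key in seen:
            continue
        seen.add(key)
        attributes.append({
            "type": misp_type,
            "category": category,
            "value": row["Indicator"].strip(),
            # Only high-severity observations are exported as detection (IDS) signatures.
            "to_ids": row["Severity"] == "High",
            "comment": f"Source alert: {row['AlertName']}",
        })
    return {
        "Event": {
            "info": info,
            "distribution": 0,      # 0 = your organisation only
            "threat_level_id": 2,   # 2 = medium
            "analysis": 1,          # 1 = ongoing
            "Attribute": attributes,
        }
    }


if __name__ == "__main__":
    print(json.dumps(build_misp_event(SAMPLE_ROWS), indent=2))
```

The severity floor and the `to_ids` rule are where the "relevance" filtering from the abstract happens: low-severity noise never reaches MISP, and only high-severity indicators are flagged for export to detection tooling. In a Logic App the same logic would sit between the Sentinel query action and the HTTP action that carries the `Authorization` header for the MISP API key.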
Sergio Albea
Microsoft MVP (SIEM & XDR) 👮🏻‍♂️ Cloud Security Expert/Architect addicted to Threat Hunting 🕵🏻‍♂️
Lausanne, Switzerland