Building your Custom TI Feed and MISP integration with KQL queries and Logic Apps
Organizations today often rely on multiple threat intelligence sources to detect indicators of compromise (IOCs) such as URLs, domains, and file hashes. Although this is an important way to react to possible threats, these IOCs are not always relevant to your specific environment, which leads to information overload.
This session explores how to integrate Microsoft Defender XDR/Sentinel with MISP and how to create a customized threat intelligence feed based on the actual threats and attacks observed in your environment. By using Kusto Query Language (KQL) and Logic Apps, you can automate the collection and classification of IOCs, ensuring that your threat intelligence is relevant according to the MATCH-4 Intelligence Ratio Model (Language, Sector, Location and Systems).
Learn how to transform your security operations by integrating these tools, enabling proactive defense mechanisms tailored to your organization's unique threat landscape.
- Understand the limitations of generic threat intelligence feeds and the importance of contextual relevance.
- Discover how to extract meaningful IOCs using KQL.
- Learn to automate the ingestion and classification of IOCs into MISP via Logic Apps.
Sergio Albea
Microsoft MVP (SIEM & XDR)👮🏻♂️ Cloud Security Expert/Architect addicted to Threat Hunting 🕵🏻♂️
Lausanne, Switzerland