Azure Sentinel IOC Feed Setup

note this requires a licensed sekoia ioc feed add on and is not included in the sentinel integration by default reach out to your csm for more information how to setup an ioc feed in azure sentinel go to the microsoft sentinel interface in microsoft azure in the “configuration” menu, click on “data connectors” search for “taxii” and select “threat intelligence taxii” connector if the search is disabled, click on the content hub and search for “taxii” install it on the “data connections” page, select “threat intelligence taxii” and click on “open connector page” in the “threat intelligence taxii” connector page, fill the form with the following information friendly name (for server) flare api root url https //api flare io/taxii2 collection id paste here your feed identifier username api key password paste here the api key that was created in the first step import indicators “all available” polling frequency “once an hour”