TISC - Microsoft Sentinel integration

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • Threat Intelligence Security Center for Microsoft Sentinel offers several capabilities, including importing observables from TISC to Sentinel, enriching Sentinel incidents with details of related observables, and also allow exporting observables from Sentinel to TISC.

    주:
    On Microsoft Sentinel, observables are referred as entities.

    Prerequisites

    Dependencies

    The Threat Intelligence solution from Microsoft Sentinel Content Hub must be installed.

    표 1. Roles and permissions
    Application Roles and Permissions Description
    Microsoft Sentinel-specific roles
    1. Logic App Contributor
    2. Microsoft Sentinel Contributor
    1. To install the required playbooks on a Resource Group level.
    2. Interact with Microsoft Sentinel playbooks.

    For more information, see Roles and Permissions in Microsoft Sentinel.
    Threat Intelligence Security Center sn_sec_tisc.api_azure_sentinel_solution User configured in the TISC Custom Connector should have this role to allow access to TISC APIs.