Connecting Sentinel to the ELLIO TAXII feed
How to wire Microsoft Sentinel up to the ELLIO Threat Intelligence TAXII feed end to end: generating credentials on the ELLIO Platform, then configuring Sentinel's built-in "Threat Intelligence - TAXII" data connector.
What you'll learn
- Generating TAXII credentials from the ELLIO Platform.
- Configuring Microsoft Sentinel's built-in Threat Intelligence - TAXII data connector and verifying ingestion.
Companion docs
- Microsoft Sentinel TAXII - Overview
- Setup Guide - credential generation, connector setup, ingestion verification.
- STIX Data Model - every field, with examples.
- KQL Query Examples - copy-paste queries for common hunting and correlation tasks.
- CTI API - for per-IP, on-demand lookups instead of streaming feeds.
Previous video
Start with "Build your first blocklist" if you have not yet shipped an EDL to your firewall.