MISP / misp-playbooks

MISP Playbooks
https://misp.github.io/misp-playbooks/
BSD 2-Clause "Simplified" License

Create a MISP event from a Sentinel incident #34

Closed cudeso closed 2 months ago

cudeso commented 1 year ago

The title of the playbook

Create a MISP event from a Sentinel incident

Purpose of the playbook

Investigate possibilities for creating MISP events from Sentinel incidents (ref. follow-up post on sending indicators from MISP to Sentinel)

Sources for inspiration:

External resources used by this playbook

Azure

Target audience

SOC, CSIRT, CTI

Briefly list the execution steps or workflow

No response