cudeso / misp2sentinel

MISP to Sentinel integration
MIT License

URLs for Sentinel Integration #104

Closed ozzdunne closed 2 months ago

ozzdunne commented 2 months ago

Hi,

The Microsoft Settings section of the README calls out some of the URLs required as dependencies for MISP to send indicators / events to Sentinel, but not all. While in some environments this may not matter, in highly controlled environments it can make things quite difficult, as you have to work around change processes and change windows. So a URL missing from a firewall rule can take days to get corrected. It would be very useful if all the URLs required to enable MISP to send events / indicators to Sentinel were called out in the README section. The one we noticed that was missing is sentinelus.azure-api.net.

Thanks

arteta22000 commented 2 months ago

The domains that you need are shown here: https://github.com/cudeso/misp2sentinel/issues/99, right?

cudeso commented 2 months ago

Good catch @ozzdunne; I've added them via https://github.com/cudeso/misp2sentinel/commit/29ac189010284ae3f4ab99a13f23b20c0e8b4190 in a separate FAQ section, based on the issue mentioned by @arteta22000.