This playbook uses Microsoft Defender Threat Intelligence (MDTI) Reputation data, as well as the Host API endpoint, to automatically enrich incidents generated by Microsoft Sentinel. Indicators from an incident will be evaluated with MDTI Reputation data.
- This playbook inherits API connections created and established within a base playbook. Ensure you have deployed MDTI-Base before deploying this playbook. If you have trouble accessing your account or your credentials, contact your account representative or reach out to discussMDTI[@]microsoft.com.
- This playbook requires the "Microsoft Sentinel Contributor" role to update incidents.
After deploying the playbook, you must authorize the connections leveraged.
- Visit the playbook resource.
- Under "Development Tools" (located on the left), click "API Connections".
- Ensure each connection has been authorized.
Note: If you've deployed the MDTI-Base playbook, you will only need to authorize the Microsoft Sentinel connection.