ThreatQ Connector for Microsoft 365 Defender
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
Current Integration Version | 1.2.1 |
Compatible with ThreatQ Versions | >= 4.56.0 |
Python Version | 3.6 |
Support Tier | Not Actively Supported |
Introduction
ThreatQ v6 users: while the connector's overall operation remains the same, the installation and usage commands for ThreatQ v6 differ from those listed in this guide. See the Installing Custom Connectors in ThreatQ v6 and Installing Custom Connectors on Another Instance topics for additional information.
This connector has been deprecated and replaced by the ThreatQ CDF for Microsoft 365 Defender.
The ThreatQ Connector for Microsoft 365 Defender allows you to export indicators from ThreatQ directly to Microsoft Defender via Microsoft's 365 Defender API.
The connector utilizes the following endpoint:
- Import Indicators: https://api.securitycenter.microsoft.com/api/indicators/import
Using this connector requires several permissions. See the Permissions section of the Prerequisites chapter for more details.
PDF Guides
Document | ThreatQ Version |
---|---|
ThreatQ Connector for Microsoft 365 Defender Guide v1.2.1 | 4.56.0 or Greater |