Use the Microsoft Azure AD Connect Health Feed integration to get indicators from the feed. This integration was integrated and tested with version 1 of Azure AD Connect Health Feed
- Navigate to Settings > Integrations > Servers & Services.
- Search for Azure AD Connect Health Feed.
- Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
feed | Fetch indicators | False |
feedReputation | Indicator Reputation | False |
feedReliability | Source Reliability | True |
tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
feedExpirationInterval | False | |
feedFetchInterval | Feed Fetch Interval | False |
url | The Microsoft Azure endpoint URL | True |
feedTags | Tags | False |
feedBypassExclusionList | Bypass exclusion list | False |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
- Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Gets indicators from the feed.
azure-ad-health-get-indicators
Argument Name | Description | Required |
---|---|---|
limit | The maximum number of results to return. The default value is 10. | Optional |
There is no context output for this command.
!azure-ad-health-get-indicators
{}
value type https://login.microsoftonline.com URL https://secure.aadcdn.microsoftonline-p.com URL https://login.windows.net URL