Threat Intelligence: TAXII Export Connector Added for External Sharing

What Changed

The Threat Intelligence (NEW) solution received a new TAXII Export data connector in version 3.0.7. This connector enables Microsoft Sentinel to export threat intelligence indicators to external TAXII 2.1 servers, expanding threat intelligence sharing capabilities.

Data Source

The TAXII Export connector allows organizations to:

• Export STIX-formatted threat intelligence objects from Microsoft Sentinel
• Share indicators with external threat intelligence platforms via TAXII 2.1 protocol
• Configure automated threat intelligence distribution to partner organizations
• Populate the new ThreatIntelExportOperation_CL table with export operation logs

Ingestion Mechanism

This is an outbound export connector rather than traditional data ingestion. It enables Microsoft Sentinel to push threat intelligence indicators to configured TAXII servers, supporting collaborative threat intelligence sharing workflows.

Affected Files

• Solutions/Threat Intelligence (NEW)/Data Connectors/template_ThreatIntelligenceTaxiiExport.json (new connector definition)
• .script/tests/KqlvalidationsTests/CustomTables/ThreatIntelExportOperation.json (new table schema for export operations)
• (packaging artefacts updated: mainTemplate.json, createUiDefinition.json, 3.0.7.zip, Solution json)