Data Source

This solution integrates TacitRed’s threat intelligence platform, which provides compromised credential monitoring and threat surface intelligence. The solution enables automated retrieval of compromised credentials and other threat indicators from TacitRed’s API for ingestion into Microsoft Sentinel.

Ingestion Mechanism

A Function App-based solution with two components:

  • Azure Function App: Processes TacitRed API data and converts findings to STIX format
  • Logic App Playbook: Scheduled automation (every 6 hours) that orchestrates data retrieval and upload to Microsoft Defender Threat Intelligence

The solution uses the ARM-based createIndicator API to upload threat indicators, requiring Reader and Microsoft Sentinel Contributor roles on the target workspace.
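As an added illustration of the STIX conversion step (this is not code from the solution's Function App), the block below maps a compromised-credential finding to a STIX 2.1 Indicator; the finding's field names are an assumption, and the leaked password is deliberately left out of the indicator so the TI platform never stores plaintext secrets.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample finding. Field names are assumed for illustration and are
# not TacitRed's real API schema.
SAMPLE_FINDING = {
    "email": "J.Doe@example.com",
    "password": "hunter2",  # never forwarded: only the exposed login becomes indicator data
    "source": "combo list",
    "first_seen": "2024-05-01T12:00:00Z",
}

# Fixed namespace so the same login always yields the same STIX id (idempotent re-runs)
NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")

def escape_stix_literal(value: str) -> str:
    """Escape backslash and single quote as the STIX 2.1 pattern grammar requires."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def finding_to_stix_indicator(finding: dict) -> dict:
    """Map one compromised-credential record to a STIX 2.1 Indicator SDO.
    The pattern targets the exposed account login only; the password is dropped."""
    login = finding.get("email", "").strip().lower()
    if "@" not in login:
        raise ValueError("finding has no usable account login")
    pattern = f"[user-account:account_login = '{escape_stix_literal(login)}']"
    first_seen = datetime.fromisoformat(finding["first_seen"].replace("Z", "+00:00"))
    stamp = first_seen.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(NAMESPACE, pattern)}",
        "created": stamp,
        "modified": stamp,
        "name": f"Compromised credential: {login}",
        "description": f"Credential exposed via {finding.get('source', 'unknown source')}",
        "indicator_types": ["compromised"],  # value from the STIX indicator-type vocabulary
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": stamp,
        "labels": ["compromised-credential"],
    }

def build_bundle(findings: list) -> dict:
    """Wrap converted indicators in a STIX bundle ready for upload."""
    objects = [finding_to_stix_indicator(f) for f in findings]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

if __name__ == "__main__":
    print(json.dumps(build_bundle([SAMPLE_FINDING]), indent=2))
```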

Detection Surface Unlocked

Enables detection of credential-based attacks by providing visibility into:

  • Compromised organizational credentials discovered in dark web monitoring
  • Credential stuffing and password spray attack correlation
  • Account takeover risk assessment through exposed credential intelligence
  • Timeline correlation between credential exposure and suspicious authentication events

The integration feeds Microsoft Defender Threat Intelligence with indicators that can trigger alerts when compromised credentials are used in authentication attempts against organizational resources.

Affected Files

Logos/tacitred_logo.svg
Solutions/TacitRed-Defender-ThreatIntelligence/Package/testParameters.json
Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedDefenderTI_FunctionApp/azuredeploy.json
Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedToDefenderTI/Images/TacitRedToDefenderTIDark.png
Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedToDefenderTI/Images/TacitRedToDefenderTILight.png
Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedToDefenderTI/azuredeploy.json
Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedToDefenderTI/readme.md
Solutions/TacitRed-Defender-ThreatIntelligence/README.md
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_TacitRedDefenderThreatIntelligence.json, createUiDefinition.json, mainTemplate.json)