Skip to content

[Microsoft Sentinel Intel] Batch processing of stream events and batch uploading of indicators #5174

New issue
New issue
Open
Open
[Microsoft Sentinel Intel] Batch processing of stream events and batch uploading of indicators#5174
Assignees
throuxel
Labels
connector: microsoft sentinel intelfeatureuse for describing a new feature to develop
@romain-filigran

Description

@romain-filigran
romain-filigran
opened on Nov 12, 2025

Use case

At the moment, the "Microsoft Sentinel Intel' connector upload indicator one by one in Microsoft Sentinel.
This behavior causes rate limit issues as the limits defined by microsoft are

  • Maximum of 1000 indicators per request
  • Maximum of 100 requests per minute per workspace

We introduce a method in the Python client to process stream events in batches. Once the PR (OpenCTI-Platform/client-python#1022) is merged, we need to implement this behavior at the connector level.

Metadata

Metadata

Assignees

Labels

connector: microsoft sentinel intelfeatureuse for describing a new feature to develop

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions