Forum Discussion

CyberKing
Copper Contributor
Mar 15, 2023

Threat Intelligence integrations > Microsoft Sentinel

Hello,

Could you please explain to me how these TI alerts work? I have just added 2 TI sources.

Do I need to set up the rule now from gallery content, or do I just need to add the TI indicator and that's all?

And an alert will be generated?

My understanding is that the rule will generate an alert whenever a Microsoft Threat Intelligence Indicator is matched with my event log. Could you confirm if this is correct?

Thank you.


3 Replies

  • Nitin059
    Copper Contributor
    Hi,
    You'd need to create an 'Analytics Rule' to utilize the TIs (you've added).
    Details - https://learn.microsoft.com/en-us/azure/sentinel/use-threat-indicators-in-analytics-rules

      • mujju016
        Copper Contributor
        Hi - can you please share the Threat Intelligence you added?

        If possible, along with the steps.
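
The matching that an analytics rule of the kind named in the first reply performs, as an added example that is not part of the thread or of any Microsoft rule template. The indicator and event rows are constructed with `datatable` so the query runs in any Log Analytics query window; the indicator column names are modelled on Sentinel's `ThreatIntelligenceIndicator` table and the event columns on a firewall-style log, so treat both as assumptions and check them against your workspace schema.

```kql
// Constructed indicators. In a workspace this would be the ThreatIntelligenceIndicator table.
// The same IndicatorId can appear several times because feeds re-send updated records.
let Indicators = datatable(TimeGenerated:datetime, IndicatorId:string, NetworkIP:string,
                           Active:bool, ExpirationDateTime:datetime, Description:string)
[
    datetime(2023-03-14 08:00), "ioc-001", "203.0.113.10", true,  datetime(2030-01-01), "constructed: first import",
    datetime(2023-03-15 08:00), "ioc-001", "203.0.113.10", false, datetime(2030-01-01), "constructed: later revoked by the feed",
    datetime(2023-03-15 08:00), "ioc-002", "198.51.100.7", true,  datetime(2030-01-01), "constructed: still valid",
    datetime(2023-03-15 08:00), "ioc-003", "192.0.2.44",   true,  datetime(2023-03-01), "constructed: already expired"
];
// Constructed events. In a workspace this would be a connected log table.
let Events = datatable(TimeGenerated:datetime, DeviceName:string, SourceIP:string, DestinationIP:string)
[
    datetime(2023-03-15 09:10), "fw-01", "10.0.0.5", "203.0.113.10",
    datetime(2023-03-15 09:12), "fw-01", "10.0.0.8", "198.51.100.7",
    datetime(2023-03-15 09:15), "fw-01", "10.0.0.9", "192.0.2.44",
    datetime(2023-03-15 09:20), "fw-01", "10.0.0.9", "192.0.2.200"
];
Indicators
// Keep only the newest record per indicator, otherwise a revoked indicator
// would still match through its older, active copy.
| summarize arg_max(TimeGenerated, *) by IndicatorId
// Drop indicators that the feed deactivated or that have passed their expiry.
| where Active == true and ExpirationDateTime > now()
| project IndicatorId, Description, TI_IP = NetworkIP
// The actual "TI match": an indicator value equal to a field in an event.
| join kind=inner (
    Events
    | project EventTime = TimeGenerated, DeviceName, SourceIP, DestinationIP
  ) on $left.TI_IP == $right.DestinationIP
| project EventTime, DeviceName, SourceIP, DestinationIP, IndicatorId, Description
```

Adding indicators only fills the indicator table; a query like this has to be scheduled as an analytics rule, and each row it returns is what becomes an alert.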