Threat Intelligence integrations Microsoft Sentinel

Question

Hello,Could you please explain to me how these TI alerts work? I have just added 2 TI sourcesDo I need to set up the rule now from gallery content? or I just need to add TI indicator and that's all?and alert will be generated?My understanding is that the rule will generate an alert whenever a Microsoft Threat Intelligence Indicator is matched with my event log. Could you confirm if this is correct?Thank you.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

nitin059 · Answer

Hi,You'd need to create 'Analytics Rule' to utilize the TIs (you've added).Details - https://learn.microsoft.com/en-us/azure/sentinel/use-threat-indicators-in-analytics-rules

cyberking · Answer

thanks I figure this out yesterday!

mujju016 · Answer

Hi - can you pls share the Threat Intelligence you added ?if possible, along with the steps.

Forum Discussion

Threat Intelligence integrations > Microsoft Sentinel

Share

Resources