2) You can also integrate your threat intelligence applications and feeds directly using the Microsoft Graph Security API tiIndicator entity.
Then simply configure the Threat Intelligence data connector in Azure Sentinel to begin ingesting this data.
Azure Sentinel enables you to correlate and analyze your threat intelligence data to create custom alerts on malicious activity, power hunting queries, and create dashboards to monitor threat activity levels.
I have firewalls logs that I want to correlate with the Threat Intelligence feed.
Let's say I create a Alert when a firewall logs contains a Destination IP that matches a IP from the Threat Intel DB. My problem is that the Alert is only looking for the 5 last hours in both tables. I need to :