Has anyone enabled/used the out-of-the-box Sentinel TI Analytic Rule “Microsoft Threat Intelligence Analytics”? Any experience on the below points would be much appreciated.
- Considering it will match TI against CEF, DNS, and Syslog, I am a bit worried it may start generating FPs.
- Does it support Automated response, as it seems that tab is missing in the rule configuration?
Thanks