Microsoft TI Analytic Rule

Has anyone enabled/used the out-of-the-box Sentinel TI Analytic Rule “Microsoft Threat Intelligence Analytics”? Any experience on the below points would be much appreciated.

  • Considering it will match TI against CEF, DNS, and Syslog, I am a bit worried it shouldn’t start generating FPs.
  • Does it support Automated response, as it seems that tab is missing in the rule configuration?

Thanks
