cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Threat Intelligence integrations > Microsoft Sentinel

CyberKing
Copper Contributor

‎Mar 15 2023 04:19 AM

‎Mar 15 2023 04:19 AM

Threat Intelligence integrations > Microsoft Sentinel

Hello,

Could you please explain to me how these TI alerts work? I have just added 2 TI sources

Do I need to set up the rule now from gallery content? or I just need to add TI indicator and that's all?

and alert will be generated?

CyberKing_1-1678878655965.png

My understanding is that the rule will generate an alert whenever a Microsoft Threat Intelligence Indicator is matched with my event log. Could you confirm if this is correct?

Thank you.

 

 

 

CyberKing_0-1678878338093.png

CyberKing_2-1678879140144.png

 

 

738 Views
0 Likes
3 Replies
Reply
3 Replies
Nitin059

‎Mar 16 2023 03:26 AM

‎Mar 16 2023 03:26 AM

Re: Threat Intelligence integrations > Microsoft Sentinel

Hi,
You'd need to create 'Analytics Rule' to utilize the TIs (you've added).
Details - https://learn.microsoft.com/en-us/azure/sentinel/use-threat-indicators-in-analytics-rules

0 Likes
Reply
CyberKing

‎Mar 16 2023 03:29 AM

‎Mar 16 2023 03:29 AM

Re: Threat Intelligence integrations > Microsoft Sentinel

thanks I figure this out yesterday!
0 Likes
Reply
mujju016

‎Mar 23 2023 06:00 AM

‎Mar 23 2023 06:00 AM

Re: Threat Intelligence integrations > Microsoft Sentinel

Hi - can you pls share the Threat Intelligence you added ?

if possible, along with the steps.
0 Likes
Reply