//Cyber.Engineer

Azure Sentinel: Adding Threat Indicators Manually

You can either have an automated Cyber Threat Intelligence feed (STIX/TAXII), or you can add your threat indicators manually in the form of an IP, domain, URL, or file hash. Let's run through the manual process.

Azure Sentinel: Querying for your Cyber Threat Indicators

CTI entries aren't only available to view on the "Threat Intelligence" page - they are also stored in the Log Analytics Workspace table "ThreatIntelligenceIndicator". Here you will find the manual submissions, as well as any automated feeds from STIX/TAXII.

General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud


Saying goodbye to Exchange Online basic auth

A recent announcement from Microsoft regarding Exchange Online and Basic Auth - finally making that last push to get it removed.

KQL Cheatsheet

A page full of useful KQL queries when you need to look for some quick ideas. Searching: // Search all tables and all data for a keyword. This will look across everything. It's very useful, but can be intensive and may even time out. Make sure to squash the time span
