azure Featured Azure Sentinel: Adding Threat Indicators Manually You can either have an automated Cyber Threat Intelligence feed (STIX/TAXII) or your threat indicators can be added manually in the form of IP, Domain, URL File hash. Let's run through the manual process.
azure Azure Sentinel: Querying for your Cyber Threat Indicators All CTI entries aren't just available to view in the "Threat Intelligence" page - they are stored in the Log Analytics Workspace table "ThreatIntelligenceIndicator". Here you will find the manually submissions, but also any automated feeds from STIX/TAXII.
sentinel Featured General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud