Azure Sentinel templates include a new rule kind ThreatIntelligence. It would be useful if this could be deployed by AzSentinel.
It looks like this:
```json
{
  "ThreatIntelligence": [
    {
      "alertRuleTemplateName": "xyz",
      "severity": "Medium",
      "tactics": [
        "Persistence",
        "LateralMovement"
      ],
      "displayName": "(Preview) Microsoft Threat Intelligence Analytics",
      "enabled": true,
      "description": "This rule generates an alert when a Microsoft Threat Intelligence Indicator gets matched with your event logs. The alerts are very high fidelity.\n\nNote : It is advised to turn off any custom alert rules which match the threat intelligence indicators with the same event logs matched by this analytics to prevent duplicate alerts.",
      "name": "xyz",
      "kind": "ThreatIntelligence"
    }
  ]
}
```
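One way a deployment tool could validate an entry like the one above and reduce it to a rule-creation request body, as an added example that is not AzSentinel's code or part of the original issue. It assumes a `ThreatIntelligence` rule is instantiated from its template, so only `alertRuleTemplateName` and `enabled` are sent and the remaining fields come from the template; `ConvertTo-ThreatIntelRuleBody` is a hypothetical helper.

```powershell
# Added example; ConvertTo-ThreatIntelRuleBody is a hypothetical helper, not an AzSentinel cmdlet.
# Assumption: the rule is created from its template, so only alertRuleTemplateName
# and enabled are sent; the other fields are defined by the template.
function ConvertTo-ThreatIntelRuleBody {
    param([Parameter(Mandatory)][string]$RulesJson)

    $templateOwned = 'severity', 'tactics', 'displayName', 'description'
    $file = $RulesJson | ConvertFrom-Json
    if (-not $file.PSObject.Properties['ThreatIntelligence']) {
        throw "Rules file has no 'ThreatIntelligence' section."
    }
    foreach ($rule in $file.ThreatIntelligence) {
        # Fail closed: never deploy an entry under the wrong rule kind.
        if ($rule.kind -ne 'ThreatIntelligence') {
            throw "Rule '$($rule.name)': kind '$($rule.kind)' does not match its section."
        }
        if ([string]::IsNullOrWhiteSpace([string]$rule.alertRuleTemplateName)) {
            throw "Rule '$($rule.name)': alertRuleTemplateName is required."
        }
        # A missing 'enabled' must not silently deploy a disabled detection.
        if ($rule.enabled -isnot [bool]) {
            throw "Rule '$($rule.name)': enabled must be true or false."
        }
        $body = [ordered]@{
            kind       = 'ThreatIntelligence'
            properties = [ordered]@{
                alertRuleTemplateName = $rule.alertRuleTemplateName
                enabled               = $rule.enabled
            }
        }
        [pscustomobject]@{
            RuleName      = $rule.name
            Body          = $body | ConvertTo-Json -Depth 4
            IgnoredFields = @($rule.PSObject.Properties.Name | Where-Object { $_ -in $templateOwned })
        }
    }
}

# Constructed sample input mirroring the entry in the issue ("xyz" is its placeholder).
$sample = @'
{ "ThreatIntelligence": [ {
    "alertRuleTemplateName": "xyz", "severity": "Medium",
    "tactics": [ "Persistence", "LateralMovement" ],
    "displayName": "(Preview) Microsoft Threat Intelligence Analytics",
    "enabled": true, "name": "xyz", "kind": "ThreatIntelligence" } ] }
'@
ConvertTo-ThreatIntelRuleBody -RulesJson $sample | Format-List
```

`IgnoredFields` lists the keys present in the file that the helper does not send, which makes it visible when a rules file tries to override values the template controls.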