Merge pull request #304304 from poliveria/poliveria-corrections

prmerger-automator[bot] · web-flow · commit 3a361a2ae99b · 2025-08-18T08:21:54.000Z
Poliveria corrections
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -4,7 +4,7 @@ titleSuffix: Microsoft Sentinel
 description: Understand threat intelligence and how it integrates with features in Microsoft Sentinel to analyze data, detect threats, and enrich alerts.
 author: guywi-ms
 ms.topic: concept-article
-ms.date: 02/27/2025
+ms.date: 08/18/2025
 ms.author: guywild
 ms.reviewer: alsheheb
 appliesto:
@@ -222,7 +222,7 @@ View your threat intelligence from the management interface or using queries:
 
 ### Threat intelligence lifecycle
 
-Microsoft Sentinel stores threat intelligence data in your threat intelligence tables and automatically reingests all data every seven days to optimize query efficiency.
+Microsoft Sentinel stores threat intelligence data in your threat intelligence tables and automatically reingests all data every seven to 10 days to optimize query efficiency.
 
 When an indicator is created, updated, or deleted, Microsoft Sentinel creates a new entry in the tables. Only the most current indicator appears on the management interface. Microsoft Sentinel deduplicates indicators based on the `Id` property (the `IndicatorId` property in the legacy `ThreatIntelligenceIndicator`) and chooses the indicator with the newest `TimeGenerated[UTC]`.
 
diff --git a/articles/sentinel/use-threat-indicators-in-analytics-rules.md b/articles/sentinel/use-threat-indicators-in-analytics-rules.md
@@ -77,7 +77,7 @@ According to the default settings, each time the rule runs on its schedule, any
 In Microsoft Sentinel, the alerts generated from analytics rules also generate security incidents. On the Microsoft Sentinel menu, under **Threat Management**, select **Incidents**. Incidents are what your security operations teams triage and investigate to determine the appropriate response actions. For more information, see [Tutorial: Investigate incidents with Microsoft Sentinel](./investigate-cases.md).
 
 > [!NOTE]
-> Because analytic rules constrain lookups beyond 14 days, Microsoft Sentinel refreshes indicators every 12 days to make sure they're available for matching purposes through the analytic rules.
+> Because analytic rules constrain lookups beyond 14 days, Microsoft Sentinel refreshes indicators every seven to 10 days to make sure they're available for matching purposes through the analytic rules.
 
 ## Related content
 
