Commit 43286b8

Added TOC entry
1 parent 36b49c1 commit 43286b8

2 files changed

+9
-1
lines changed

articles/sentinel/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -282,6 +282,8 @@
282282
href: indicators-bulk-file-import.md
283283
- name: Work with threat indicators
284284
href: work-with-threat-indicators.md
285+
- name: Add entity to threat indicators
286+
href: add-entity-to-threat-intelligence.md
285287
- name: Monitor and visualize data
286288
items:
287289
- name: Visualize collected data
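
Review bot: The new entry's name, "Add entity to threat indicators", does not match its target file add-entity-to-threat-intelligence.md, and it sits directly under "Work with threat indicators", so the two entries read as near duplicates in the TOC. Consider a name that follows the file, for example "Add entities to threat intelligence". The commit message also mentions only the TOC entry, while the commit changes the article text as well; say so in the message.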

articles/sentinel/add-entity-to-threat-intelligence.md

Lines changed: 7 additions & 1 deletion
@@ -13,7 +13,7 @@ When investigating an incident, you examine entities and their context as an imp
1313

1414
For example, you may discover an IP address performing port scans across your network, or functioning as a command and control node, sending and/or receiving transmissions from large numbers of nodes in your network.
1515

16-
Microsoft Sentinel allows you to flag the entity as malicious, right from within the investigation graph. You'll then be able to view this indicator both in Logs and in the Threat Intelligence blade in Sentinel.
16+
Microsoft Sentinel allows you to flag the entity as malicious, right from within the investigation graph. You'll then be able to view this indicator both in Logs and in the Threat Intelligence blade, and use it across your Microsoft Sentinel workspace.
1717

1818
> [!IMPORTANT]
1919
> Adding entities as TI indicators is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
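
Review bot: In the rewritten sentence at line 16, "use it across your Microsoft Sentinel workspace" does not say what consumes the indicator once an analyst flags the entity as malicious. Name the places where the indicator takes effect, or link to work-with-threat-indicators.md, so the reader knows what a flag made from the investigation graph feeds into before making it.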
@@ -30,6 +30,12 @@ The [investigation graph](investigate-cases.md) is a visual, intuitive tool that
3030

3131
1. Select the entity from the graph that you want to add as a threat indicator. A side panel will open on the right. Select **Add to TI**.
3232

33+
Only the following types of entities can be added as threat indicators:
34+
- Domain name
35+
- IP address (IPv4 and IPv6)
36+
- URL
37+
- File (hash)
38+
3339
:::image type="content" source="media/add-entity-to-threat-intelligence/add-entity-to-ti.png" alt-text="Screenshot of adding entity to threat intelligence.":::
3440

3541
1. The **New indicator** side panel will open. The following fields will be populated automatically:
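
Review bot: The supported-types list (new lines 33-37) comes after step 1 has already told the reader to select **Add to TI**, and it does not say what happens for an entity of any other type. Put the restriction before the step, or state whether the option is absent for unsupported entities. "File (hash)" should also say which hash types are accepted. Check as well that the added lines are indented under step 1: the following step is also numbered "1.", and an unindented block between them would break the ordered list.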
