add mdti portion

austinmccollum · austinmccollum · commit 4a5c0a5d92d9 · 2022-10-04T16:42:19.000-05:00
diff --git a/articles/sentinel/media/use-matching-analytics-to-detect-threats/mdti-article-link.png b/articles/sentinel/media/use-matching-analytics-to-detect-threats/mdti-article-link.png
diff --git a/articles/sentinel/use-matching-analytics-to-detect-threats.md b/articles/sentinel/use-matching-analytics-to-detect-threats.md
@@ -84,6 +84,13 @@ In the **Threat Intelligence** page:
 
 :::image type="content" source="media/work-with-threat-indicators/matching-analytics-threat-intelligence.png" alt-text="Screenshot of the Threat Intelligence overview with an indicator selecting showing the details pain and the source as Microsoft Threat Intelligence Analytics.":::
 
+## Get additional context from Microsoft Defender Threat Intelligence
+
+Part of the Microsoft Threat Intelligence available through matching analytics is sourced from Microsoft Defender Threat Intelligence (MDTI). Along with high fidelity alerts and incidents, MDTI indicators include the link to a reference article in their community portal.
+
+:::image type="content" source="media/use-matching-analytics-to-detect-threats/mdti-article-link.png" alt-text="Screenshot of an incident with a link to the reference MDTI article.":::
+
+For more information, see the [MDTI portal](https://ti.defender.microsoft.com).
 
 ## Next steps
 
diff --git a/articles/sentinel/use-threat-indicators-in-analytics-rules.md b/articles/sentinel/use-threat-indicators-in-analytics-rules.md
@@ -73,7 +73,7 @@ According to the default settings, each time the rule runs on its schedule, any
 
 In Microsoft Sentinel, the alerts generated from analytics rules also generate security incidents, which can be found in **Incidents** under **Threat Management** on the Microsoft Sentinel menu. Incidents are what your security operations teams will triage and investigate to determine the appropriate response actions. You can find detailed information in this [Tutorial: Investigate incidents with Microsoft Sentinel](./investigate-cases.md).
 
-Microsoft Sentinel refreshes indicators every 12 days to make sure they are available for matching purposes through the analytic rules. 
+Since analytic rules constrain lookups beyond 14 days, Microsoft Sentinel refreshes indicators every 12 days to make sure they are available for matching purposes through the analytic rules. 
 
 ## Next steps
 
