update data sources and indicators section

austinmccollum · austinmccollum · commit 72e3b15200d3 · 2023-03-20T13:46:37.000-05:00
diff --git a/articles/sentinel/use-matching-analytics-to-detect-threats.md b/articles/sentinel/use-matching-analytics-to-detect-threats.md
@@ -57,6 +57,10 @@ Microsoft Threat Intelligence Analytics matches your logs with domain, IP and U
 
 - **Syslog** events where `Facility == "cron"` ingested into the **Syslog** table will match domain and IPv4 indicators directly from the `SyslogMessage` field. 
 
+- **Office activity logs** ingested into the **OfficeActivity** table will match IPv4 indicators directly from the `ClientIP` field.
+
+- **Azure activity logs** ingested into the **AzureActivity** table will match IPv4 indicators directly from the `CallerIpAddress` field.
+
 
 ## Triage an incident generated by matching analytics
 
