Commit 7b176b4

add screenshot object to markdown
1 parent 7f33595 commit 7b176b4

1 file changed

+2
-0
lines changed

articles/sentinel/understand-threat-intelligence.md

Lines changed: 2 additions & 0 deletions
@@ -101,6 +101,8 @@ For more information, see [Connect Microsoft Sentinel to STIX/TAXII threat intel
101101

102102
View and manage your indicators in the **Threat Intelligence** page. Sort, filter, and search your imported threat indicators without even writing a Log Analytics query.
103103

104+
:::image type="content" source="media/understand-threat-intelligence/advanced-search.png" alt-text="Screenshot of advanced search interface with source and pattern conditions selected." lightbox="media/understand-threat-intelligence/advanced-search.png":::
105+
104106
Perform two of the most common threat intelligence tasks: indicator tagging and creating new indicators related to security investigations. Create or edit the threat indicators directly within the Threat Intelligence page when the you only need to manage a few quickly.
105107

106108
Tagging threat indicators is an easy way to group them together to make them easier to find. Typically, you might apply a tag to indicators related to a particular incident, or to those representing threats from a particular known actor or well-known attack campaign. Tag threat indicators individually, or multi-select indicators and tag them all at once. Here is an example screenshot of tagging multiple indicators with an incident ID. Since tagging is free-form, a recommended practice is to create standard naming conventions for threat indicator tags. Indicators allow applying multiple tags.
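
Review bot: the screenshot added at new line 104 has no lead-in. The paragraph above it (line 102) mentions sorting, filtering and searching indicators, but never names the advanced search that the alt text describes ("source and pattern conditions selected"), so the reader is not told what the image illustrates or why source and pattern are the conditions shown. Suggest adding one sentence before the image that introduces advanced search on the **Threat Intelligence** page, or rewording the alt text so it matches the wording of the paragraph. While this section is being touched, the context line at 106 reads "when the you only need to manage a few quickly"; the stray "the" should be dropped.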
