Merge pull request #287730 from austinmccollum/patch-1

add ASIM tables

Author: prmerger-automator[bot]

articles/sentinel/use-matching-analytics-to-detect-threats.md

@@ -30,6 +30,8 @@ You must install one or more of the supported data connectors to produce high-fi
   - Syslog
   - Office activity logs
   - Azure activity logs
+  - ASIM DNS logs
+  - ASIM Network sessions
 
   :::image type="content" source="media/use-matching-analytics-to-detect-threats/data-sources.png" alt-text="A screenshot that shows the Microsoft Defender Threat Intelligence Analytics rule data source connections."::: 
 
@@ -70,6 +72,8 @@ Microsoft Defender Threat Intelligence Analytics matches your logs with domain,
 - **Syslog events**, where `Facility == "cron"` ingested into the `Syslog` table matches domain and IPv4 indicators directly from the `SyslogMessage` field.
 - **Office activity logs** ingested into the `OfficeActivity` table match IPv4 indicators directly from the `ClientIP` field.
 - **Azure activity logs** ingested into the `AzureActivity` table match IPv4 indicators directly from the `CallerIpAddress` field.
+- **ASIM DNS logs** ingested into the `ASimDnsActivityLogs` table match domain indicators if populated in the `DnsQuery` field, and IPv4 indicators in the `DnsResponseName` field.
+- **ASIM Network Sessions** ingested into the `ASimNetworkSessionLogs` table match IPv4 indicators if populated in one or more of the following fields: `DstIpAddr`, `DstNatIpAddr`, `SrcNatIpAddr`, `SrcIpAddr`, `DvcIpAddr`.
 
 ## Triage an incident generated by matching analytics