Commit ad61c85

add whats new ingestion rules
1 parent 7623bb9 commit ad61c85

File tree

5 files changed

+12
-7
lines changed


articles/sentinel/understand-threat-intelligence.md

Lines changed: 2 additions & 2 deletions
@@ -152,7 +152,7 @@ The following STIX objects are available in Microsoft Sentinel:
152152

153153
### Configure ingestion rules
154154

155-
Take full control of threat intelligence feeds by filtering and optimizing the intel before it's delivered to your workspace. Ingestion rules update attributes, or filter objects out all together. The following table lists some use cases:
155+
Optimize threat intelligence feeds by filtering and enhancing objects before they're delivered to your workspace. Ingestion rules update attributes, or filter objects out all together. The following table lists some use cases:
156156

157157
| Ingestion rule use case | Description |
158158
|---|---|
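Review bot: "filter objects out all together" on the reworded line should read "altogether" (meaning entirely); "all together" means collectively and is carried over unchanged from the removed line. The same phrase appears in the new whats-new.md entry, so fix both in this commit.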
@@ -163,7 +163,7 @@ Take full control of threat intelligence feeds by filtering and optimizing the i
163163
:::image type="content" source="media/understand-threat-intelligence/ingestion-rules-overview.png" alt-text="Screenshot shows four ingestion rules matching the use cases.":::
164164

165165
Keep in mind the following tips for using ingestion rules:
166-
- All rules apply in order. Threat intelligence objects being ingested will get processed by each rule until a `Delete` action is taken.
166+
- All rules apply in order. Threat intelligence objects being ingested will get processed by each rule until a `Delete` action is taken. If no action is taken on an object, it is ingested from the source as is.
167167
- The `Delete` action means the threat intelligence object is skipped for ingestion, meaning it's removed from the pipeline. Any previous versions of the object already ingested aren't affected.
168168
- New and edited rules take up to 15 minutes to take effect.
169169

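Review bot: the appended sentence "If no action is taken on an object, it is ingested from the source as is." is the useful part of this change, but the surrounding bullet still says "will get processed by each rule until a `Delete` action is taken", which reads as if every object eventually hits a `Delete`. Suggest tightening the bullet to state the three outcomes explicitly: a matching rule updates attributes, a `Delete` action drops the object from the pipeline, and an object no rule acts on is ingested unchanged. Also prefer present tense ("are processed") to match the rest of the tips list.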
articles/sentinel/use-matching-analytics-to-detect-threats.md

Lines changed: 1 addition & 5 deletions
@@ -4,7 +4,7 @@ titleSuffix: Microsoft Sentinel
44
description: This article explains how to detect threats with Microsoft-generated threat intelligence in Microsoft Sentinel.
55
author: austinmccollum
66
ms.topic: how-to
7-
ms.date: 3/14/2024
7+
ms.date: 01/28/2025
88
ms.author: austinmc
99
appliesto:
1010
- Microsoft Sentinel in the Azure portal
@@ -20,10 +20,6 @@ ms.collection: usx-security
2020

2121
Take advantage of threat intelligence produced by Microsoft to generate high-fidelity alerts and incidents with the **Microsoft Defender Threat Intelligence Analytics** rule. This built-in rule in Microsoft Sentinel matches indicators with Common Event Format (CEF) logs, Windows DNS events with domain and IPv4 threat indicators, syslog data, and more.
2222

23-
> [!IMPORTANT]
24-
> Matching analytics is currently in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
25-
>
26-
2723
## Prerequisites
2824

2925
You must install one or more of the supported data connectors to produce high-fidelity alerts and incidents. A premium Microsoft Defender Threat Intelligence license isn't required. Install the appropriate solutions from the **Content hub** to connect these data sources:
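Review bot: dropping the `[!IMPORTANT]` preview callout signals that matching analytics is now generally available, but nothing else in this commit records that change: the whats-new.md hunk only adds the ingestion rules entry, and the commit message mentions only ingestion rules. If the feature is GA, add a what's new entry (or reference the announcement) in the same commit so the removal is traceable; if it is still in preview, keep the callout.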

articles/sentinel/whats-new.md

Lines changed: 7 additions & 0 deletions
@@ -23,13 +23,20 @@ Get notified when this page is updated by copying and pasting the following URL
2323

2424
## January 2025
2525

26+
-[Optimize threat intelligence feeds with ingestion rules](#optimize-threat-intelligence-feeds-with-ingestion-rules)
2627
- [Threat intelligence management interface updated](#threat-intelligence-management-interface-has-moved)
2728
- [Unlock advanced hunting with new STIX objects by opting in to new threat intelligence tables](#unlock-advanced-hunting-with-new-stix-objects-by-opting-in-to-new-threat-intelligence-tables)
2829
- [Threat intelligence upload API now supports more STIX objects](#threat-intelligence-upload-api-now-supports-more-stix-objects)
2930
- [Microsoft Defender Threat Intelligence data connectors now generally available (GA)](#microsoft-defender-threat-intelligence-data-connectors-now-generally-available-ga)
3031
- [Bicep template support for repositories (Preview)](#bicep-template-support-for-repositories-preview)
3132
- [View granular solution content in the Microsoft Sentinel content hub](#view-granular-solution-content-in-the-microsoft-sentinel-content-hub)
3233

34+
### Optimize threat intelligence feeds with ingestion rules
35+
36+
Optimize threat intelligence feeds by filtering and enhancing objects before they're delivered to your workspace. Ingestion rules update threat intel object attributes, or filter objects out all together.
37+
38+
For more information, see [Understand threat intelligence ingestion rules](understand-threat-intelligence.md#configure-ingestion-rules)
39+
3340
### Threat intelligence management interface has moved
3441

3542
Threat intelligence for Microsoft Sentinel in the Defender portal has changed! We've renamed the page **Intel management** and moved it with other threat intelligence workflows. There's no change for customers using Microsoft Sentinel in the Azure experience.
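Review bot: the new list item `-[Optimize threat intelligence feeds with ingestion rules](...)` is missing the space after the hyphen that every other item in the list has (`- [Threat intelligence management interface updated]...`), so Markdown will not render it as a list item. Also, the added "For more information, see [Understand threat intelligence ingestion rules](understand-threat-intelligence.md#configure-ingestion-rules)" line has no terminal period, while the identical sentence added to work-with-threat-indicators.md in this commit does; make the two consistent.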

articles/sentinel/work-with-threat-indicators.md

Lines changed: 2 additions & 0 deletions
@@ -89,6 +89,8 @@ Reduce noise from your TI feeds, extend the validity of high value indicators, a
8989

9090
:::image type="content" source="media/work-with-threat-indicators/new-ingestion-rule.png" alt-text="Screenshot showing new ingestion rule creation for extending valid until date.":::
9191

92+
For more information, see [Understand threat intelligence ingestion rules](understand-threat-intelligence.md#configure-ingestion-rules).
93+
9294
### Curate threat intelligence with the relationship builder
9395

9496
Connect threat intelligence objects with the relationship builder. There's a maximum of 20 relationships in the builder at once, but more connections can be created through multiple iterations and by adding relationship target references for new objects.
