Merge pull request #231370 from austinmccollum/austinmc-mdti-secure

update data sources and matching criteria

Author: prmerger-automator[bot]

articles/sentinel/use-matching-analytics-to-detect-threats.md

@@ -10,7 +10,7 @@ ms.author: austinmc
 
 # Use matching analytics to detect threats
 
-Take advantage of threat intelligence produced by Microsoft to generate high fidelity alerts and incidents with the **Microsoft Threat Intelligence Analytics** rule. This rule will match Common Event Format (CEF) logs, Syslog data or Windows DNS events with domain, IP and URL threat indicators.
+Take advantage of threat intelligence produced by Microsoft to generate high fidelity alerts and incidents with the **Microsoft Threat Intelligence Analytics** rule. Check the prerequisites to validate which logs this rule will match indicators with.
 
 > [!IMPORTANT]
 > Matching analytics is currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
@@ -23,6 +23,8 @@ One or more of the following data sources must be connected:
 - Common Event Format (CEF)
 - DNS (Preview)
 - Syslog
+- Office activity logs
+- Azure activity logs
 
 :::image type="content" source="media/use-matching-analytics-to-detect-threats/data-sources.png" alt-text="A screenshot showing the Microsoft Threat Intelligence Analytics rule data source connections.":::