Merge pull request #50328 from KenMAG/main

Removed obsolete unit and updated the view threat intelligence unit

Author: Stacyrch140

learn-pr/wwl-sci/.openpublishing.redirection.wwl-sci.json

@@ -342,6 +342,31 @@
         "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/8-knowledge-check/",
         "redirect_document_id": false
       },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-platforms-connector.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-upload-api-connector/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-connect-threat-intelligence-upload-api-connector.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-upload-api-connector/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-view-your-threat-indicators.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/6-view-your-threat-indicators/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/8-knowledge-check.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/7-knowledge-check/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/9-summary-resources.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/8-summary-resources/",
+        "redirect_document_id": false
+      },
       {
         "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-summary-resources.yml",
         "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/9-summary-resources/",

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-platforms-connector.yml

@@ -12,4 +12,4 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 1
 content: |
-  [!include[](includes/6-connect-threat-intelligence-upload-api-connector.md)]
+  [!include[](includes/5-connect-threat-intelligence-upload-api-connector.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-connect-threat-intelligence-upload-api-connector.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-upload-api-connector.yml

@@ -5,12 +5,12 @@ title: View your threat indicators with KQL
 metadata:
   title: View your threat indicators with KQL
   description: "View your threat indicators with KQL"
-  ms.date: 06/27/2022
-  author: wwlpublish
+  ms.date: 05/07/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false
 labModal: false
-durationInMinutes: 3
+durationInMinutes: 5
 content: |
-  [!include[](includes/7-view-your-threat-indicators.md)]
+  [!include[](includes/6-view-your-threat-indicators.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-view-your-threat-indicators.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-view-your-threat-indicators.yml

@@ -13,7 +13,7 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/8-knowledge-check.md)]
+  [!include[](includes/7-knowledge-check.md)]
 quiz:
   title: "Check your knowledge"
   questions:

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/8-knowledge-check.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-knowledge-check.yml

@@ -13,4 +13,4 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/9-summary-resources.md)]
+  [!include[](includes/8-summary-resources.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/9-summary-resources.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/8-summary-resources.yml

@@ -0,0 +1,12 @@
+The indicators reside in the ThreatIntelligenceIndicator table. This table is the basis for queries performed by other Microsoft Sentinel features such as Analytics and Workbooks. Here's how to find and view your threat indicators in the ThreatIntelligenceIndicator table.
+
+To view your threat indicators with KQL. Select Logs from the General section of the Microsoft Sentinel menu. Then run a query on the ThreatIntelligenceIndicator.
+
+```kusto
+`ThreatIntelligenceIndicator`
+
+```
+
+> [!IMPORTANT]
+> On April 3, 2025, we publicly previewed two new tables to support STIX indicator and object schemas: `ThreatIntelIndicators` and `ThreatIntelObjects`. Microsoft Sentinel will ingest all threat intelligence into these new tables, while continuing to ingest the same data into the legacy `ThreatIntelligenceIndicator` table until July 31, 2025.
+> **Be sure to update your custom queries, analytics and detection rules, workbooks, and automation to use the new tables by July 31, 2025.** After this date, Microsoft Sentinel will stop ingesting data to the legacy `ThreatIntelligenceIndicator` table. We're updating all out-of-the-box threat intelligence solutions in Content hub to leverage the new tables. For more information about the new table schemas, see [ThreatIntelIndicators](/azure/azure-monitor/reference/tables/threatintelindicators) and [ThreatIntelObjects](/azure/azure-monitor/reference/tables/threatintelobjects).