Merge pull request #50296 from KenMAG/main

Revised and updated the treat intelligence connector module with new units

Author: JamesJBarnett

learn-pr/wwl-sci/.openpublishing.redirection.wwl-sci.json

@@ -321,6 +321,31 @@
         "source_path_from_root": "/learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/5a-describe-entra-permissions-management.yml",
         "redirect_url": "https://learn.microsoft.com/training/paths/describe-capabilities-of-microsoft-identity-access/",
         "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/3-connect-threat-intelligence-taxii-connector.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/4-connect-threat-intelligence-taxii-connector/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/4-connect-threat-intelligence-platforms-connector.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-platforms-connector/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-view-your-threat-indicators.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/7-view-your-threat-indicators/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-knowledge-check.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/8-knowledge-check/",
+        "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-summary-resources.yml",
+        "redirect_url": "https://learn.microsoft.com/training/modules/connect-threat-indicators-to-azure-sentinel/9-summary-resources/",
+        "redirect_document_id": false
       }
     ]
 }

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/1-introduction.yml

@@ -4,8 +4,8 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 06/27/2022
-  author: wwlpublish
+  ms.date: 05/06/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/2-plan-for-threat-intelligence-connectors.yml

@@ -4,8 +4,8 @@ title: Plan for threat intelligence connectors
 metadata:
   title: Plan for threat intelligence connectors
   description: "Plan for threat intelligence connectors"
-  ms.date: 06/27/2022
-  author: wwlpublish
+  ms.date: 05/06/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/3-connect-defender-threat-intelligence-connector.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.defender-threat-intelligence-connector
+title: Connect the Defender Threat Intelligence connector
+metadata:
+  title: Connect the Defender Threat Intelligence connector
+  description: "Learn how to install, configure, and connect the Microsoft Defender Threat Intelligence (MDTI) connector in Microsoft Sentinel."
+  ms.date: 05/06/2025
+  author: KenMAG
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 10
+content: |
+  [!include[](includes/3-connect-defender-threat-intelligence-connector.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/3-connect-threat-intelligence-taxii-connector.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/4-connect-threat-intelligence-taxii-connector.yml

@@ -4,12 +4,12 @@ title: Connect the threat intelligence TAXII connector
 metadata:
   title: Connect the threat intelligence TAXII connector
   description: "Connect the threat intelligence TAXII connector"
-  ms.date: 06/27/2022
-  author: wwlpublish
+  ms.date: 05/06/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false
 labModal: false
 durationInMinutes: 5
 content: |
-  [!include[](includes/3-connect-threat-intelligence-taxii-connector.md)]
+  [!include[](includes/4-connect-threat-intelligence-taxii-connector.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/4-connect-threat-intelligence-platforms-connector.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-connect-threat-intelligence-platforms-connector.yml

@@ -12,4 +12,4 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/4-connect-threat-intelligence-platforms-connector.md)]
+  [!include[](includes/5-connect-threat-intelligence-platforms-connector.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-connect-threat-intelligence-upload-api-connector.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.intelligence-upload-api-connector
+title: Connect the threat intelligence Upload API connector
+metadata:
+  title: Connect the threat intelligence Upload API connector
+  description: "By using the Threat Intelligence Upload API, your organization can ingest custom threat intelligence data into Microsoft Sentinel."
+  ms.date: 05/05/2025
+  author: KenMAG
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 1
+content: |
+  [!include[](includes/6-connect-threat-intelligence-upload-api-connector.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/5-view-your-threat-indicators.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-view-your-threat-indicators.yml

@@ -1,5 +1,6 @@
 ### YamlMime:ModuleUnit
-uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.view-your-with-kql
+uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.view-your-threat-indicators
+
 title: View your threat indicators with KQL
 metadata:
   title: View your threat indicators with KQL
@@ -12,4 +13,4 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/5-view-your-threat-indicators.md)]
+  [!include[](includes/7-view-your-threat-indicators.md)]

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/6-knowledge-check.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/8-knowledge-check.yml

@@ -1,18 +1,19 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.knowledge-check
+
 title: Module assessment
 metadata:
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 06/27/2022
-  author: wwlpublish
+  ms.date: 05/06/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/6-knowledge-check.md)]
+  [!include[](includes/8-knowledge-check.md)]
 quiz:
   title: "Check your knowledge"
   questions:
@@ -31,21 +32,21 @@ quiz:
     choices:
     - content: "1.1"
       isCorrect: false
-      explanation: "Incorrect.  TAXII version 2.0 and 2.1 are supported."
+      explanation: "Incorrect. TAXII version 2.0 and 2.1 are supported."
     - content: "1.0"
       isCorrect: false
-      explanation: "Incorrect.  TAXII version 2.0 and 2.1 are supported."
+      explanation: "Incorrect. TAXII version 2.0 and 2.1 are supported."
     - content: "2.1"
       isCorrect: true
-      explanation: "Correct.  TAXII version 2.0 and 2.1 are supported."
-  - content: "Threat Intelligence Platform connector uses which technology to send data to Microsoft Sentinel?"
+      explanation: "Correct. TAXII version 2.0 and 2.1 are supported."
+  - content: "Threat Intelligence Upload API uses which technology to authenticate with Microsoft Entra ID?"
     choices:
-    - content: "Azure Functions"
+    - content: "Microsoft Azure managed identities"
       isCorrect: false
-      explanation: "Incorrect.  The Microsoft Graph Security API is utilized."
-    - content: "App Service"
+      explanation: "Incorrect. OAuth 2.0 authentication is utilized."
+    - content: "Multifactor authentication"
       isCorrect: false
-      explanation: "Incorrect.  The Microsoft Graph Security API is utilized."
-    - content: "Microsoft Graph Security API"
+      explanation: "Incorrect. OAuth 2.0 authentication is utilized."
+    - content: "OAuth 2.0 authentication"
       isCorrect: true
-      explanation: "Correct.  The Microsoft Graph Security API is utilized."
+      explanation: "Correct. OAuth 2.0 authentication is utilized."

learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/7-summary-resources.yml renamed to learn-pr/wwl-sci/connect-threat-indicators-to-azure-sentinel/9-summary-resources.yml

@@ -1,5 +1,6 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.connect-threat-indicators-to-azure-sentinel.summary-resources
+
 title: Summary and resources
 metadata:
   title: Summary and resources
@@ -12,4 +13,4 @@ azureSandbox: false
 labModal: false
 durationInMinutes: 3
 content: |
-  [!include[](includes/7-summary-resources.md)]
+  [!include[](includes/9-summary-resources.md)]