You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Last updated four months ago. Microsoft published multiple analytic rules in Sentinel that use this list as basis for detection and they are increasingly firing off false positives.
Maybe update the list or deprecate the analytic rules in Sentinel relating to RapidTI rules?
My suggestion would be to change all those analytic rules to just use the ThreatIntelligenceIndicator table, and then CTI personnel can spend time maintaining all IOCs within the ThreatIntelligenceTable, which would typically be from MISP, TAXII servers etc.
The text was updated successfully, but these errors were encountered:
https://github.com/microsoft/mstic/tree/master/RapidReleaseTI
Last updated four months ago. Microsoft published multiple analytic rules in Sentinel that use this list as basis for detection and they are increasingly firing off false positives.
Maybe update the list or deprecate the analytic rules in Sentinel relating to RapidTI rules?
My suggestion would be to change all those analytic rules to just use the ThreatIntelligenceIndicator table, and then CTI personnel can spend time maintaining all IOCs within the ThreatIntelligenceTable, which would typically be from MISP, TAXII servers etc.
The text was updated successfully, but these errors were encountered: