Update

Microsoft Sentinel now ingests all STIX objects and indicators into new threat intelligence tables (Preview)
Microsoft Sentinel now ingests STIX objects and indicators into the new threat intelligence tables, ThreatIntelIndicators and ThreatIntelObjects. The new tables support the new STIX 2.1 schema, which lets you ingest and query various threat intelligence objects, including identity, attack-pattern, threat-actor, and relationship.

Microsoft Sentinel will ingest all threat intelligence into the new ThreatIntelIndicators and ThreatIntelObjects tables, while continuing to ingest the same data into the legacy ThreatIntelligenceIndicator table until July 31, 2025.

Be sure to update your custom queries, analytics and detection rules, workbooks, and automation to use the new tables by July 31, 2025. After this date, Microsoft Sentinel will stop ingesting data to the legacy ThreatIntelligenceIndicator table. We're updating all out-of-the-box threat intelligence solutions in Content hub to leverage the new tables.
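One way to inventory what still needs migrating, as an added example that is not Microsoft's tooling: the script below classifies each rule's KQL query by whether it references the legacy table, the new tables, or both, ignoring table names that appear only in comments or string literals. It assumes rules were exported as a JSON template with `resources[].properties.displayName` and `.query`; the sample export and rule names are constructed.

```python
import json
import re

LEGACY = "ThreatIntelligenceIndicator"   # ingestion stops after July 31, 2025
NEW_TABLES = {"ThreatIntelIndicators", "ThreatIntelObjects"}

# Strings and // comments are matched before identifiers, so a table name
# inside them is not mistaken for a table reference.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"'     # double-quoted string literal
    r"|'(?:\\.|[^'\\\n])*'"    # single-quoted string literal
    r"|//[^\n]*"               # line comment
    r"|[A-Za-z_]\w*"           # identifier (table, column, operator, function)
)

def identifiers(query):
    """Return the identifiers used in a KQL query, skipping strings and comments."""
    return {t for t in _TOKEN.findall(query) if t[0] not in "\"'/"}

def classify(query):
    """Return 'legacy', 'mixed', 'migrated' or 'unrelated' for one query."""
    ids = identifiers(query)
    legacy, new = LEGACY in ids, bool(NEW_TABLES & ids)
    if legacy and new:
        return "mixed"
    if legacy:
        return "legacy"
    return "migrated" if new else "unrelated"

def audit(export_json):
    """Map rule display name -> status for every rule in an exported template."""
    rules = json.loads(export_json).get("resources", [])
    return {r["properties"]["displayName"]: classify(r["properties"]["query"]) for r in rules}

# Constructed sample export (assumed layout; rule names and queries are illustrative).
SAMPLE = json.dumps({"resources": [
    {"properties": {"displayName": "TI volume (old)", "query": "ThreatIntelligenceIndicator\n| where TimeGenerated > ago(14d)\n| summarize count()"}},
    {"properties": {"displayName": "TI volume (new)", "query": "// was: ThreatIntelligenceIndicator\nThreatIntelIndicators\n| where TimeGenerated > ago(14d)"}},
    {"properties": {"displayName": "TI volume (both)", "query": "union ThreatIntelligenceIndicator, ThreatIntelIndicators\n| summarize count() by Type"}},
    {"properties": {"displayName": "Sign-in text match", "query": "SigninLogs\n| where ResultDescription has \"ThreatIntelligenceIndicator\""}},
]})

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        flag = "UPDATE BEFORE CUTOFF" if status in ("legacy", "mixed") else "ok"
        print(f"{status:<10} {flag:<22} {name}")
```

Rules reported as `legacy` or `mixed` still read from the table that stops receiving data after July 31, 2025; a table name passed as a string (for example to a function) is not detected and needs a manual check.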

For more information, see the following articles:

Threat intelligence in Microsoft Sentinel
Work with STIX objects and indicators to enhance threat intelligence and threat hunting in Microsoft Sentinel (Preview)

SOC optimization support for unused columns (Preview)
To optimize your cost/security value ratio, SOC optimization surfaces hardly used data connectors or tables. SOC optimization now surfaces unused columns in your tables. For more information, see SOC optimization reference of recommendations.

Version: April 2025