Introducing Threat Intelligence Ingestion Rules

Microsoft

Feb 14, 2025

Boost Your Threat Intel Game with Microsoft Sentinel’s New Curation at Scale

Microsoft Sentinel just rolled out a powerful new public preview feature: Ingestion Rules. This feature lets you fine-tune your threat intelligence (TI) feeds before they are ingested to Microsoft Se...

Updated Feb 14, 2025

Version 1.0

automation

microsoft defender xdr

microsoft sentinel

security operations

siem

threat detection and response

Microsoft

Joined August 27, 2020

View Profile

Microsoft Sentinel Blog

Follow this blog board to get notified when there's new activity

GaryBushey

Bronze Contributor

Feb 16, 2025

Great feature but I have to ask, if a feed is known to generate a lot of false positives, why is Microsoft even including it?

Sebabulte
Copper Contributor
Feb 17, 2025
Because this blog talks about ingesting your own TI sources which you control yourself, be that via TAXII or manual upload. Many companies like to integrate with free TI sources which are more prone to less qualitative IOC's, and this may help further control data ingestion.

Blog Post

Introducing Threat Intelligence Ingestion Rules

Boost Your Threat Intel Game with Microsoft Sentinel’s New Curation at Scale

Share