Microsoft Sentinel customers have had the capability to organize Threat Indicators through tagging.
But now the ability to modify any Threat indicator is possible. For any indicator provided by Microsoft Sentinel, all fields are editable. For partner indicators, only specific fields are editable such as the tags, Expiration date, Confidence, and Revoked fields.
Select an indicator and right-click to expose the Edit menu option.
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]
[Learn KQL with the Must Learn KQL series and book]
You must log in to post a comment.