[Bug]: TI Lookups using Microsoft Sentinel provider failing due to new table and schema in Sentinel

**Describe the bug**
The TI provider (and built in queries) for Sentinel Threat Intel use the old [ThreatIntelligenceIndicator](https://github.com/microsoft/msticpy/blob/3093f1464909cb97dd77e7bd61a8ba794c284878/msticpy/data/queries/mssentinel/kql_sent_threatintel.yaml#L14) table instead of the new ThreatIntelIndicators.  As the old table is no longer being populated with TI data, it will return 0 results even if there is matching TI stored in Sentinel

**To Reproduce**
Steps to reproduce the behavior:

1. Create a piece of TI in Sentinel
2. Use IpAddress.tilookup_ip() to try and find it
3. Get 0 results

**Expected behavior**
Matching TI from Sentinel should be returned

**Additional context**
https://learn.microsoft.com/en-us/azure/sentinel/work-with-threat-indicators?tabs=defender-portal#find-and-view-threat-intelligence-with-queries


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug]: TI Lookups using Microsoft Sentinel provider failing due to new table and schema in Sentinel #855

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug]: TI Lookups using Microsoft Sentinel provider failing due to new table and schema in Sentinel #855

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions