Are you no longer maintaining RapidReleaseTI ? #27
Description
https://github.com/microsoft/mstic/tree/master/RapidReleaseTI
Last updated four months ago. Microsoft published multiple analytic rules in Sentinel that use this list as basis for detection and they are increasingly firing off false positives.
Maybe update the list or deprecate the analytic rules in Sentinel relating to RapidTI rules?
My suggestion would be to change all those analytic rules to just use the ThreatIntelligenceIndicator table, and then CTI personnel can spend time maintaining all IOCs within the ThreatIntelligenceTable, which would typically be from MISP, TAXII servers etc.