We’re thrilled to share that the unified APIs that are part of the Microsoft Graph are now generally available! These APIs come with a single endpoint, permissions, auth model, and access token. The Microsoft Defender Threat Intelligence (Defender TI) API for Incidents, Alerts, and Hunting allows organizations to query Defender TI data to operationalize intelligence …
Unified MDTI APIs in Microsoft Graph Now GA Continue Reading
Cybersecurity incidents can be complex and challenging to investigate, requiring advanced tools and techniques to identify the scope of the attack, determine the adversary’s tactics and procedures, and develop an effective response strategy. Microsoft Defender Threat Intelligence (MDTI) provides robust tools and features that enable security analysts to quickly investigate incidents and respond to cyber …
Using MDTI with the Diamond Model for Threat Intelligence Continue Reading
Microsoft Defender Threat Intelligence (Defender TI) now includes File Hash and URL Search capabilities, enabling researchers, analysts, hunters, and security responders to search for high-quality threat intelligence, including verdicts and associated metadata. This feature empowers security professionals to effectively utilize threat intelligence in their threat-hunting and investigation activities. Defender TI leverages Microsoft’s threat intelligence through …
What’s New: Hash and URL Search Intelligence Continue Reading
We’re thrilled to introduce Intel Profiles, a single, reliable source of information in Microsoft Defender Threat Intelligence (Defender TI) security operations teams can use to have instant insight into the threat ecosystem, including pertinent details about vulnerabilities, threat actors, and infrastructure used in attacks. Intel profiles combine 65 trillion threat signals with the expertise of over …
What’s New: Intel Profiles Deliver Crucial Information, Context About Threats Continue Reading
Imagine you are a Threat Hunter or a SECOPS Analyst. You were alerted to a possible suspicious IP Address communicating with a system within your network. Questions you can use the IP address to answer are if it is anywhere else on the network, what systems or servers are communicating with it, whether its behavior …
Infrastructure Chaining with Microsoft Defender Threat Intelligence Continue Reading
Threat Hunting is the use of tactics, techniques, and processes to detect cyber adversaries that have bypassed an organization’s layered security strategy and are now inside their network. Threat hunters must find, contain, and remove those adversaries before they can cause significant damage. To succeed in this mission, they need access to current, relevant, and …
How Microsoft Defender Threat Intelligence Enables Threat Hunting Success Continue Reading
