Introducing the Microsoft Defender Threat Intelligence Community

image

Microsoft Threat Intelligence (MDTI) is a complete threat intelligence platform that enables security professionals to ingest, analyze and act upon massive signal collected from across the internet, processed by security experts and . It allows users to uncover and understand their organization's external , including context around vulnerabilities and the tools and systems adversaries use to attack and exploit them.

Microsoft Defender Threat Intelligence Standard Edition (formerly known as Community) is a free, lightweight version of MDTI, offering the same industry-leading threat-hunting experience with limited access to MDTI's data sets. Users can expedite investigations by connecting internal activity, events, and incident indicators of compromise (IOCs) artifacts to external threats, attackers, and threat tooling.

Below is an overview of the Standard and Premium user experience. Organizations interested in purchasing Premium licenses may do so by getting in touch with their Microsoft Commercial Executive (read more). Any user with a Microsoft account (e.g., hotmail.com, onmicrosoft.com) can sign up for an MDTI Standard account. Users that sign into the MDTI platform, ti.defender.microsoft.com, will go through Microsoft's standard process to log in. 

Feature Category Feature MDTI Standard (Free) * Comment MDTI Premium * Comment
Finished Intelligence Articles Yes – Limited Limited amount of articles are available. Yes  
Public Indicators Yes   Yes  
Defender TI Indicators No   Yes  
Intel Profiles (Actors & Tools) Yes – Limited Limited amount of intel profiles are available. Yes  
Ability to filter intel profiles by industry / vertical No   Yes  
Open-source CVEs database Yes   Yes  
CVE Priority Score Yes   Yes  
Vulnerability (CVE) Profiles No* Additional content on CVEs added by Microsoft's Research & Intelligence team is only available with MDTI Premium. Yes  
Raw Intelligence (Reputation, Analyst Insights, and Datasets) Reputation against IPs, hosts (domains, subdomains, etc.), URLs, and hashes No   Yes  
Analyst Insights Yes   Yes  
Resolutions (pDNS A records) Yes – 14 day history   Yes  
WHOIS Yes   Yes  
WHOIS History No   Yes  
Certificates Yes – 14 day history   Yes  
Subdomains Yes   Yes  
Trackers Yes – 14 day history   Yes  
Components Yes – 14 day history   Yes  
Host Pairs No   Yes  
Cookies No   Yes*  
         
DNS Yes – 14 day history   Yes  
Reverse Yes – 14 day history   Yes  
Detonation Intelligence Malware sample detonation (snapshot & analysis insights) No   Yes  
URL sample detonation (snapshot & analysis insights) No   Yes  
Projects (Investigative Case Management) Unlimited projects Yes* Private projects only Yes  
Third-Party Integrations Silobreaker No* MDTI Standard does not offer MDTI API access. Therefore, third-party integrations will not be supported. Yes  
First-Party Integrations Microsoft Defender for Endpoint / M365 Yes   Yes  
Microsoft Sentinel Yes* MDTI Standard users can enable the “Microsoft Defender Threat Intelligence data connector + TI map rules” or the “Microsoft Defender Threat Intelligence” analytic rule to generate more detections to their Microsoft Sentinel Threat Intelligence blade. Yes* MDTI Premium users can enable the “Microsoft Defender Threat Intelligence data connector + TI map rules” or the “Microsoft Defender Threat Intelligence” analytic rule to generate more detections to their Microsoft Sentinel Threat Intelligence blade. Microsoft Sentinel + MDTI Premium users can also take advantage of MDTI's playbooks for incident triage and enrichment and MDTI's workbook for visualizing and addressing threat intelligence related inquiries. Notebooks may also be deployed in Microsoft Sentinel for advanced threat hunting (searching against various TI sources / automated hunting investigations).
Microsoft Security Copilot No   Yes* Account will require a Security Copilot subscription to leverage the MDTI integration within Security Copilot. 
API RESTful API associated with product features No   Yes* MDTI Premium users can access the MDTI API as long as their organization procured that MDTI API SKU.

MDTI Standard edition puts advanced Microsoft threat intelligence and investigation capabilities in the hands of defenders across the globe, free of charge. By registering, threat hunters and incident responders have instant access to actionable, integrated, and relevant intelligence derived from the trillions of signals collected by Microsoft to become active contributors to defending the internet for all.

Register for MDTI Standard for free today.

 

This article was originally published by Microsoft's Defender Threat Intelligence Blog. You can find the original article here.