Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.
Use Cases
➡ Advanced hunting with Defender TI IOCs against the logs and events within Microsoft 365 Defender
➡ Upload IOCs to a storage account or a public GitHub repository
➡ Use the KQL externaldata operator as a correlation source for proactive hunting and for enabling custom detections in M365 Defender
➡ M365 Defender Raw Event Detection
➡ M365D Raw events flow into Sentinel with the M365 Defender Data connector
➡ MDTI Feeds flow into Sentinel with MDTI Data connector
➡ Manual TI correlation rule
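The externaldata use case above, sketched as an advanced hunting query. This is an added example, not taken from the original post or from Microsoft's documentation; the feed URL is a placeholder and the CSV layout (a header row, then one indicator,type pair per line) is an assumption.

```kusto
// Added example. The URL is a placeholder; the CSV layout (header row, then
// indicator,type per line) is an assumption about how the IOC list was exported.
let Lookback = 7d;
let IocFeed = externaldata (Indicator: string, IndicatorType: string)
    [ @"https://raw.githubusercontent.com/<org>/<repo>/main/iocs.csv" ]
    with (format = "csv", ignoreFirstRecord = true)
    // Normalise so stray whitespace or casing in the file does not hide a match.
    | extend Indicator = tolower(trim(@"\s+", Indicator))
    | where isnotempty(Indicator);
let IpIocs = IocFeed | where IndicatorType =~ "ip" | project Indicator;
let DomainIocs = IocFeed | where IndicatorType =~ "domain" | project Indicator;
union
    (
        // Exact match of the remote address against IP indicators.
        DeviceNetworkEvents
        | where Timestamp > ago(Lookback) and isnotempty(RemoteIP)
        | join kind = inner (IpIocs) on $left.RemoteIP == $right.Indicator
        | extend MatchType = "ip"
    ),
    (
        // Term match of the remote URL against domain indicators.
        DeviceNetworkEvents
        | where Timestamp > ago(Lookback) and isnotempty(RemoteUrl)
        | where RemoteUrl has_any (DomainIocs)
        | extend MatchType = "domain"
    )
// Timestamp, DeviceId and ReportId are kept so the query can back a custom detection.
| project Timestamp, DeviceId, DeviceName, MatchType, RemoteIP, RemoteUrl, RemotePort,
          InitiatingProcessFileName, InitiatingProcessAccountName, ReportId
```

Anyone who can write to the hosted file controls what the rule matches, so restrict write access to the storage account or repository and review changes to the list.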
What’s New: MDTI Interoperability with Microsoft 365 Defender
Microsoft Defender Threat Intelligence (Defender TI) helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows, aggregating and enriching critical threat information in an easy-to-use interface. At Microsoft Secure, we announced new features,...