Hello Sentinel-PurpleTeam,
A couple of important points to note:
The Connector for MDTI facilitates the integration of MDTI Feeds into Sentinel. However, it's crucial to understand that these feeds are currently limited to the following types:
1) MDTI OSINT IOCs and
2) MSTIC Honeypot indicators.
Once integrated, these feeds are directed to the threat intelligence table, enriching your ability to detect potential threats.
Regarding the utilization of playbooks for enrichment purposes, it's essential to have access to the API and a Premium license. The required app permissions include Threat Intelligence Read All, as detailed in the Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn.
For those interested in exploring a trial for MDTI Premium and API access, please work with your Microsoft Commercial Executive or select the "Contact Sales" button on this page and fill out the form to get in touch with Microsoft sales to begin your MDTI Premium trial.