At Microsoft Secure, we are excited to announce several new innovations from the Microsoft Defender Threat Intelligence (MDTI) team. These updates enable our customers to access valuable, high-fidelity threat intelligence where, when, and how they need it:
- To optimize MDTI content for customers, we have enhanced the look and feel of vulnerability profiles and are releasing the full corpus of Microsoft’s intel profiles to the MDTI standard version.
- We are keeping pace with Copilot for Security as it evolves, launching a new side card experience in the threat intelligence blade of Defender XDR. We have also introduced new MDTI skills and promptbooks for Copilot that deliver more of Microsoft's world-class threat intelligence to the SOC at machine speed.
- Finally, as we continue to build a more comprehensive threat intelligence experience across Microsoft Defender XDR, we’re proud to announce that MDTI content is now available via the global search function.
Read more about what's rolling out at Microsoft Secure 2024 below:
New MDTI skills and workbooks for Copilot for Security
MDTI is making more threat intelligence available via new Copilot for Security skills and workbooks to help customers understand the full scope of attacks, anticipate the next steps of an ongoing campaign, and drive an optimal security plan for their organizations at machine speed and scale.
These include:
- Correlate MDTI data with Defender XDR information: These out-of-the-box promptbooks correlate MDTI data with other critical security information from Defender XDR, such as incidents and hunting activities, to help a user understand the broader scope of an attack.
- Correlate MDTI Content with Threat Analytics (TA) content: When prompted, this skill reasons over threat intelligence content from MDTI and Threat Analytics, and provides a summary of the two, e.g., "Tell me everything Microsoft knows about [this threat actor]."
- Obtain current reputation TI for file hashes, URLs, domains, and IPs: This skill shows the full information for hashes and URLs, including MDTI and SONAR data.
Register for our Tech Community Webinar on April 11 to learn more about how MDTI enables Copilot to deliver threat intelligence at machine speed.
MDTI side card experience
A brand-new Copilot for Security side card experience in the threat intelligence blade of Microsoft Defender XDR enables users to quickly query and summarize the powerful threat intelligence, security data, and other content available within the Intel Profile, Intel Explorer, and Threat Analytics tabs to add crucial context to incidents and investigations.
Register for our Tech Community Webinar on April 11 to learn more.
Unified Threat Intelligence Experience via Global Search
Microsoft Defender Threat Intelligence (MDTI) is now integrated across Microsoft Defender XDR to provide a comprehensive threat intelligence experience. Customers can return in-context information related to incidents, assets, and threats with a single search. Searches will return all relevant information from Microsoft products relating to incidents, assets, threat intelligence in MDTI, and Threat Analytics (TA).
Enhanced Vulnerability Profiles
The Microsoft Defender Threat Intelligence (MDTI) team launched new updates to our vulnerability profiles that help provide world-class intelligence on vulnerabilities and exposures within the Defender XDR portal. These exciting enhancements create a more intuitive experience for surfacing content around CVEs that offers critical context on threats and information within alerts and incidents. They include:
- Enhanced layout and design to match threat actor and tooling intel profiles
- Adjusted CVE search behavior that returns all content related to a vulnerability
- Vulnerability profiles sorted by published date by default in list view, displaying a consistent feed of new, highly relevant CVEs
Intel Profiles available in the MDTI standard (free) edition
In November 2023, the Microsoft Defender Threat Intelligence (MDTI) team launched a standard edition of MDTI, a free version of the product that became available to all Defender XDR customers at Microsoft Ignite. At Microsoft Secure, we’re releasing Microsoft’s full set of Intel Profiles into the standard edition, expanding its library from 17 to more than 340.
These newly added profiles will not have the same depth of information that licensed MDTI users have via the premium experience; namely, they will not include the content outside of the Snapshot (summary) section. However, they will materially expand the breadth of threat intelligence available to free users and showcase the substantial and always-expanding scope of threat activity that Microsoft tracks.
We want to hear from you!
Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. With an open dialogue, we can create a safer internet together. Learn more about MDTI and learn how to access the MDTI standard version at no cost.