What is Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA)?
MDTI
Microsoft Defender Threat Intelligence (MDTI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering raw and finished threat intelligence.
TA
Threat analytics (TA) is our in-product threat intelligence solution from expert Microsoft security researchers. It's designed to assist security teams to be as efficient as possible while facing emerging threats, such as:
- Active threat actors and their campaigns
- Popular and new attack techniques
- Critical vulnerabilities
- Common attack surfaces
- Prevalent malware
Plugin Key Features
Copilot for Security delivers information about threat actors, indicators of compromise (IOCs), tools, and vulnerabilities, as well as contextual threat intelligence from Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA). Copilot users can use prompts and promptbooks to investigate incidents, enrich their hunting flows with threat intelligence, and learn more about threats facing their organization or the world.
- Summarize the latest threats related to your organization
- Prioritize which threats to focus on based on your environment's highest exposure level to these threats
- Ask about the threat actors targeting the communications infrastructure
Copilot Experiences
Standalone
Skills
- Look up threat intelligence
  - Look up threat intelligence information like intelligence profiles, articles, and threat analytics.
- Get CVE details by IDs
  - Get the details and remediation for a list of CVE IDs.
- Get CVE mitigation
  - Get the mitigation or remediation steps of a given CVE.
- Get DNS resolutions by host name
  - Get the DNS resolutions of a given hostname.
- Get DNS resolutions by IP address
  - Get the DNS resolutions for a given IP address.
- Get intelligence profile indicators of compromise
  - Get the indicators of compromise (IOCs) related to a given intelligence profile.
- Get reputation for indicators of compromise
  - Get the reputation details for a list of indicators of compromise.
Promptbooks
- Vulnerability Impact Assessment
- Threat Actor Profile
- For more on both of these promptbooks, see Using promptbooks in Microsoft Copilot for Security | Microsoft Learn.
Sample Prompts
- Please find our sample prompts published in our GitHub repository.
Embedded
Microsoft Copilot for Security’s embedded experience in the Threat Intelligence blade of Microsoft Defender XDR (“Threat Analytics”, “Intel Explorer”, “Intel Profiles”, and “Intel Projects”) delivers Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA) information about threat actors and tools, as well as contextual threat intelligence, directly into the Microsoft Defender portal. Users will find three “example prompts” within the Copilot for Security pane.
Users will see example prompts when launching the Copilot pane from the Intel Profiles feature of Threat Intelligence in Microsoft Defender XDR.
Leveraging Copilot to address ransomware activity associated with my organization’s assets.
Leveraging Copilot to identify threat actor groups known to use credential harvesting tactics.
Leveraging Copilot to identify recent healthcare industry threats.
Additional resources
- Microsoft Copilot for Security and Microsoft Defender Threat Intelligence | Microsoft Learn
- Use Microsoft Copilot for Security for threat intelligence | Microsoft Learn
- TI at machine speed | Using MDTI in Copilot for Security
- How MDTI Helps Power Copilot for Security - Microsoft Community Hub
- A Copilot for Security Customer’s Guide to MDTI - Microsoft Community Hub
- Microsoft Defender Threat Intelligence Ninja Training
- Microsoft Defender XDR Ninja Training (Module 4: Threat Analytics)
Learn more about Copilot for Security
To learn more about Microsoft Copilot for Security, visit aka.ms/CopilotForSecurity or contact your Microsoft sales representative. If you missed us at Microsoft Secure, you may watch the replay video.