The Microsoft Defender Threat Intelligence (MDTI) team continuously adds new threat intelligence capabilities to MDTI and Defender XDR, giving customers new ways to hunt, research, and contextualize threats.
Today, we are excited to share a new feature that enhances our file and URL analysis (detonation) capabilities in the threat intelligence blade within the Defender XDR user interface. If MDTI cannot return any results when a customer searches for a file or URL, MDTI now automatically detonates it to improve search coverage and add to our corpus of knowledge of the global threat landscape:
Here's how it works:
- The detonation request for the searched file or URL entity is processed asynchronously in the background in the United States region.
- If the end user is not served with a reputation and detonation results at the time of the search request. A subsequent search request for the same entity is initiated in the background.
- Although there are no fixed SLAs regarding the volume and availability of the auto-detonated results, we aim to provide the results within 2 hours, depending on the load.
Next time you search and don't find anything, don't worry. The system is working in the background to give you better results later!
Next steps
Whether you are just kick-starting a threat intelligence program or looking to augment your existing threat intelligence toolset, the MDTI standard version can add critical context to your existing security investigations, keep your organization informed on current threats through leading research and intel profiles, provide crucial brand intelligence, and help you to collect powerful threat intelligence associated with your organization or others in your industry - all free of charge.
To learn more about how you and your organization can leverage MDTI, watch our overview video and follow our "Become an MDTI Ninja" training path today.