Strategic threat intelligence involves gathering and analyzing information to identify potential threats to an organization's security. This proactive approach helps companies anticipate and mitigate potential security risks. Reporting plays a crucial role in strategic threat intelligence by providing insights and data-driven recommendations to decision-makers. Threat intelligence reports are designed to deliver accurate and actionable information, enabling organizations to take appropriate measures to protect against potential threats.
In this blog post, we are excited to announce the launch of a new dashboard that enhances Microsoft's threat intelligence reporting capabilities. This dashboard provides a user-friendly interface that enables organizations to easily access and analyze threat intelligence data. With this new tool, decision-makers can make informed decisions to strengthen their security posture and protect against potential threats. In this post, we'll delve into the features of this dashboard and explore the benefits of each kind of intelligence reporting it enables.
Before beginning the installation process, it's crucial to confirm that you have met the following prerequisites:
The above solution will deploy these resources into the target resource group:
To install the solution, navigate to this GitHub repository and press Deploy to Azure. In the custom deployment screen, be sure to enter the client ID and app secret you created; these values are saved in an Azure Key Vault.
After installation, navigate to the target resource group into which you deployed the solution and copy the Azure Function name.
Open the workbook and, in the “Deployed-AzureFunction” parameter, select the name you copied in step one.
To set up the MDTI Sentinel Incident View tab, choose the subscription and workspace for the Sentinel instance. Remember that although the remaining sections of this workbook do not depend on Sentinel data, you must still select a workspace in this tab.
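As an added example (not part of the original post or the solution's GitHub repository), a post-deployment check that the client ID and app secret reached the Function App's settings as Key Vault references rather than plaintext values. The setting names ClientId and ClientSecret and the vault name are assumptions, and the sample JSON is constructed to mimic the output of `az functionapp config appsettings list`.

```python
import json
import re

# Azure App Service Key Vault reference syntax (both documented forms).
KV_REF = re.compile(
    r"^@Microsoft\.KeyVault\((SecretUri=https://[^;)]+|VaultName=[^;)]+;SecretName=[^;)]+)\)$"
)

# Setting names assumed to hold the MDTI app registration credentials;
# the solution's real parameter names may differ.
SENSITIVE = {"ClientId", "ClientSecret"}


def audit_app_settings(settings_json):
    """Return {name: status} for each sensitive setting: 'keyvault' when the
    value is a Key Vault reference, 'plaintext' when it is a literal value,
    'missing' when the setting is absent. Input is the JSON array printed by
    `az functionapp config appsettings list`."""
    settings = {s["name"]: s["value"] for s in json.loads(settings_json)}
    report = {}
    for name in SENSITIVE:
        if name not in settings:
            report[name] = "missing"
        elif KV_REF.match(settings[name] or ""):
            report[name] = "keyvault"
        else:
            report[name] = "plaintext"
    return report


def is_compliant(report):
    """True only when every sensitive setting is a Key Vault reference."""
    return all(status == "keyvault" for status in report.values())


# Constructed sample: the secret is referenced from Key Vault, the client ID is not.
SAMPLE = json.dumps([
    {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "python", "slotSetting": False},
    {"name": "ClientId", "value": "00000000-0000-0000-0000-000000000000", "slotSetting": False},
    {"name": "ClientSecret",
     "value": "@Microsoft.KeyVault(SecretUri=https://example-kv.vault.azure.net/secrets/ClientSecret/)",
     "slotSetting": False},
])

if __name__ == "__main__":
    result = audit_app_settings(SAMPLE)
    for name, status in sorted(result.items()):
        print(f"{name}: {status}")
    print("compliant" if is_compliant(result) else "NOT compliant")
```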
The workbook enables SOC analysts, threat hunters, and SOC operators to easily have a 360-degree view of adversaries and helps them identify the underlying infrastructure.
The solutions provided in the workbook:
This solution combines the indicators of compromise (IOCs) obtained from various MDTI feeds, curates information on alerting and incidents for the MDTI analytics engine, and presents a geographical visualization of some of these IOCs. This approach streamlines the data consolidation and enhances the MDTI analytics engine's threat detection capabilities by providing a comprehensive overview of IOCs' spatial distribution on Microsoft Sentinel.
Actions:
Figure: Sentinel Incident View on MDTI Workbook
The Hostname information tab in the MDTI workbook facilitates the following functions:
Actions:
Figure: MDTI Workbook Hostname Information Tab
The IP address information tab in the MDTI workbook facilitates the following functions:
Actions:
Figure: IP information on MDTI workbook
MDTI articles are designed to help security professionals understand the latest cyber threats and take proactive measures to protect their systems. The article view in the workbook offers a comprehensive view of MDTI articles, enabling users to gain insight into each article's indicators and information. Using the search-by-article-ID method, users can also explore articles in detail and pivot through them by searching for specific case scenarios, industries, countries, and more.
Actions:
Figure: MDTI Articles view within MDTI Workbook
By utilizing CVEs (Common Vulnerabilities and Exposures), it is possible to conduct threat hunting by detecting system or network vulnerabilities, assessing their severity using the CVSS framework, ranking them according to risk level, and taking measures to mitigate them to minimize the likelihood of exploitation. Moreover, it is also possible to identify infrastructure components that are associated with the searched CVE.
Action:
Figure: Vulnerability Information Tab within the MDTI Workbook
Intel Profiles are a single, reliable source of information in MDTI that security operations teams can use to gain instant insight into the threat ecosystem, including pertinent details about vulnerabilities, threat actors, and infrastructure used in attacks.
Action:
Figure: Intel Profiles on MDTI Workbook
For any support-related issues regarding Microsoft Defender for Intelligence, please access this portal https://support.serviceshub.microsoft.com/supportforbusiness/create and select Security -> Microsoft Defender for Intelligence.
Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. With an open dialogue, we can create a safer internet together. Learn more about MDTI.