Microsoft Copilot for Security Defender Threat Intelligence and Threat Analytics Plugin Overview
Published Apr 15 2024 11:00 AM 1,607 Views

What is Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA)?


MDTI


Microsoft Defender Threat Intelligence (MDTI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering raw and finished threat intelligence.

 

TA


Threat analytics (TA) is our in-product threat intelligence solution from expert Microsoft security researchers. It's designed to assist security teams to be as efficient as possible while facing emerging threats, such as:

  • Active threat actors and their campaigns
  • Popular and new attack techniques
  • Critical vulnerabilities
  • Common attack surfaces
  • Prevalent malware

 

Plugin Key Features


Copilot for Security delivers information about threat actors, indicators of compromise (IOCs), tools, and vulnerabilities, as well as contextual threat intelligence from Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA). Copilot users can leverage prompts and promptbooks to investigate incidents, enrich their hunting flows with threat intelligence information as well as gain more knowledge about threats facing their organization or the globe.

  • Summarize the latest threats related to your organization
  • Prioritize which threats to focus on based on your environment's highest exposure level to these threats
  • Ask about the threat actors targeting the communications infrastructure

 

Copilot Experiences


Standalone

 

Skills

  • Look up threat intelligence
    • Look up threat intelligence information like intelligence profiles, articles, and threat analytics.

FindThreatIntelligence.png

  • Get CVE details by IDs
    • Get the details and remediation for a list of CVES IDs.

GetCveDetailsByIds.png

  • Get CVE mitigation
    • Get the mitigation or remediation steps of a given CVE.

GetCveMitigation.png

  • Get DNS resolutions by host name
    • Get the DNS resolutions of a given hostname.

GetDnsResolutionsByHostname.png

  • Get DNS resolutions by IP address
    • Get the DNS resolutions for a given IP address.

GetDnsResolutionsByIpAddress.png

  • Get intelligence profile indicators of compromise
    • Get the indicators of compromise (IOCs) related to a given intelligence profile.

GetIntelligenceProfileIocs.png

  • Get reputation for indicators of compromise
    • Get the reputation details for a list of indicators of compromise.

GetReputationForIocs.png

Promptbooks

Sample Prompts

 

Embedded

 

Microsoft Copilot for Security’s embedded experience in Microsoft Defender XDR’s Threat Intelligence blade features, “Threat Analytics”, “Intel Explorer”, “Intel Profiles, and “Intel Projects” deliver Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA) information about threat actors and tools, as well as contextual threat intelligence, directly into the Microsoft Defender portal. Users will find three “example prompts” within the Copilot for Security pane.

 

Highlights example prompts available when opening up Copilot pane from the Intel Profiles Threat Intelligence XDR featureHighlights example prompts available when opening up Copilot pane from the Intel Profiles Threat Intelligence XDR feature

Users will see example prompts when launching the Copilot pane from the Intel Profiles Threat Intelligence XDR feature

 

Threat Analytics embedded prompt response.png

Leveraging Copilot to address ransomware activity associated with my organization’s assets.

 

Intel Profiles embedded prompt response.png

 

Leveraging Copilot to identify threat actor groups known to use credential harvesting tactics.

Intel Explorer embedded prompt response.png

Leveraging Copilot to identify recent healthcare industry threats.

 

Additional resources

 

 

Learn more about Copilot for Security

 

To learn more about Microsoft Copilot for Security, visit aka.ms/CopilotForSecurity or contact your Microsoft sales representative. If you missed us at Microsoft Secure, you may watch the replay video.

Version history
Last update:
‎Apr 16 2024 07:37 AM
Updated by: