Microsoft Defender Threat Intelligence
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.2 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2023-03-23 |
| Solution Folder | Microsoft Defender Threat Intelligence |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: 🟢 High (92%) |
Microsoft centralizes numerous data sets into a single platform, Microsoft Defender Threat Intelligence (MDTI), making it easier for Microsoft’s community and customers to conduct infrastructure analysis. Microsoft’s primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases and enabling automation for Incident management in Microsoft Sentinel.
Contents
Data Connectors
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
Tables Used
This solution queries 1 table(s) from its content items:
| Table | Used By Content |
|---|---|
ThreatIntelligenceIndicator |
Workbooks |
Internal Tables
The following 2 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
SecurityAlert |
Workbooks |
SecurityIncident |
Workbooks |
Content Items
This solution includes 8 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 7 |
| Workbooks | 1 |
Workbooks
| Name | Tables Used |
|---|---|
| MicrosoftThreatIntelligence | ThreatIntelligenceIndicatorInternal use: SecurityAlertSecurityIncident |
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| MDTI-Automated-Triage | This playbook uses the MDTI Reputation data to automatically enrich incidents generated by Microsoft... | - |
| MDTI-Data-Cookies | This playbook uses the MDTI Components data to automatically enrich incidents generated by Microsoft... | - |
| MDTI-Data-PassiveDns | This playbook enriches Microsoft Sentinel incidents by querying Microsoft Defender Threat Intelligen... | - |
| MDTI-Data-ReverseDnS | This logic app automatically retrieves and enriches incident indicators generated by Microsoft Senti... | - |
| MDTI-Data-Trackers | This logic app automatically retrieves and enriches incident indicators generated by Microsoft Senti... | - |
| MDTI-Data-WebComponents | This playbook uses the MDTI Components data to automatically enrich incidents generated by Microsoft... | - |
| MDTI-Intel-Reputation | This playbook uses the MDTI API to automatically enrich incidents generated by Microsoft Sentinel. R... | - |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 20-09-2025 | Updated Playbooks to use managde identity for authentication. |
| 3.0.1 | 01-12-2024 | Added Playbooks for enhanced solution workflows. |
| 3.0.0 | 11-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊