From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection
Microsoft Defender Threat Intelligence - Microsoft Security Copilot Tutorial
Microsoft Defender Threat Intelligence
- [Instructor] Let's look at the Threat Intelligence capabilities in Microsoft Defender. What is threat intelligence? It's about collecting and analyzing data to understand current or potential threats. It helps us investigate the profiles of threat actors who conduct cyber attacks, identify their attack tactics, which are their goals or strategies, such as initial access, privilege escalation, or lateral movement. Techniques, their methods to execute the tactics, such as phishing, process injection, or remote services. And the procedures, the step-by-step actions to apply the techniques.

From an organization's point of view, we can use threat intelligence to identify threats that pose the highest impact on us and discover vulnerable assets that may be exposed to these threats. Microsoft Defender Threat Intelligence enables you to access the latest threat information and correlate it with your organization's environment. On the Microsoft Defender portal, you can access threat analytics reports, find intel profiles of threat actors, tools, and vulnerabilities, use intel explorer to search threat information, then create your intel projects to investigate indicators of compromise or IOC for specific artifacts, such as domains, URLs, and IP addresses.

Now, let's do a quick demo of Microsoft Defender Threat Intelligence. Here's the Microsoft Defender portal. Under Threat Intelligence, click Threat analytics. You will see a list of reports. You can also use Copilot in Defender to summarize or prioritize the threats. Threat analytics also categorizes threats into latest threats that are the most recent threat reports, high-impact threats that relate to the organization's active or closed alerts, and the highest exposure threats that target the vulnerabilities in the organization's assets, such as desktops or applications.

Select Intel profiles. You can access Microsoft's shareable knowledge on threat actors, malicious tools, and vulnerabilities. Click Intel explorer. You can search for threat information, for example, search a CVE number, CVE-2024-5274. CVE stands for Common Vulnerabilities and Exposures. It will find the related information for you. Click Intel projects. You can create your project to investigate selected artifacts.