Microsoft Defender Threat Intelligence portal

image

Microsoft has a new security portal at:

https://ti.defender.microsoft.com

which comes from their recent RiskIQ acquisition. In essence it is a place that you can search for security intelligence and information around all sorts of indicators.

image

If I for example search for an IP address that showed up in my Microsoft Sentinel as a known bad IP I see the above results.

image
If you look closely, you’ll see the ‘good’ stuff requires a subscription. How much is a subscription I hear you ask? Well, make sure you are sitting down before you proceed because it is:

image

Yup, that is US$4,1667.70 per month! Wow!

image

That said, the free or ‘community’ version does provide a lot of valuable information and I would recommend that you add the site to your list of tools when threat hunting. Personally, I would have liked to have seen a pay as you go (PAYG) option provisioned out of Azure like things such as Sentinel is. Hopefully, the price will come down or at least there may eventually be a tier that smaller business can live with. But for now, have a look and use the features provided for free as there are many. You can learn more from the documentation here:

What is Microsoft Defender Threat Intelligence (Defender TI)?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s