Microsoft Defender Threat Intelligence (Defender TI) delivers global threat intelligence context directly into Security Copilot. It enriches indicators of compromise with reputation data, geolocation, and campaign associations - providing external visibility beyond your tenant for higher quality threat analysis. Defender TI surfaces detailed threat actor profiles with TTPs, infrastructure mappings, and recommended detections so analysts can understand adversary behavior and prioritize response actions.
Profile threat actors with TTPs, infrastructure, and targeting to understand adversary behavior and motivations.
Enrich indicators of compromise with reputation, geolocation, and associated campaigns for faster triage.
Research CVEs with exploit availability, affected assets, and remediation priority to focus patching efforts.
Track active threat campaigns with infrastructure mapping to identify related attacks across your environment.
Leverage open-source intelligence alongside Microsoft threat data for comprehensive threat context.
Natural language queries for threat intelligence research - ask Copilot about threat actors, IOCs, and vulnerabilities.