Unmask and neutralize modern adversaries and cyberthreats such as ransomware.
Contact Sales
Contact Sales to start a free trial or explore licensing options.
Uncover your adversaries
Expose and eliminate modern cyberthreats and their infrastructure using dynamic threat intelligence.
Identify cyberattackers and their tools
Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet.
Accelerate cyberthreat detection and remediation
Discover the full scope of a cyberattack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.
Enhance your security tools and workflows
Extend the reach and visibility of your existing security investments. Gain more context and understanding of cyberthreats with Microsoft Defender XDR, Microsoft Sentinel, and Copilot for Security.
Microsoft Defender Threat Intelligence
Learn how Defender Threat Intelligence enables security professionals to directly access, ingest, and act upon our powerful repository of threat intelligence built from 78 trillion signals and more than 10,000 multidisciplinary experts worldwide.
Watch the video
Capabilities
Uncover and help eliminate cyberthreats with Defender Threat Intelligence.
Get continuous threat intelligence Expose adversaries and their methods Enhance alert investigations Accelerate incident response Hunt cyberthreats as a team Expand prevention and improve security posture File and URL (detonation) intelligence
Get continuous threat intelligence
Get a complete view of the internet and track day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.
?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1147&hei=677&qlt=100&fit=constrain "Microsoft Defender Threat Intelligence | Microsoft Security (6)")
Expose adversaries and their methods
Understand the group behind an online attack, their methods, and how they typically operate.
Enhance alert investigations
Enrich Microsoft Sentinel and Defender XDR incident data with finished and raw threat intelligence to understand and uncover the full scale of a cyberthreat or cyberattack.
?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1147&hei=677&qlt=100&fit=constrain "Microsoft Defender Threat Intelligence | Microsoft Security (8)")
Accelerate incident response
Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by a cyberattacker or cyberthreat family.
Hunt cyberthreats as a team
Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of cyberthreat actors, tooling, and infrastructure with projects and intelligence profiles.
Expand prevention and improve security posture
Automatically uncover malicious entities and help stop outside cyberthreats by blocking internal resources from accessing dangerous internet resources.
-intelligence_Image_966x570?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1147&hei=677&qlt=100&fit=constrain "Microsoft Defender Threat Intelligence | Microsoft Security (11)")
File and URL (detonation) intelligence
Submit a file or URL to instantly know its reputation. Enrich security incidents with in-context threat intelligence.
Microsoft Copilot for Security is now generally available
Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.
Read the announcement Learn more about Copilot
How to use Microsoft Defender Threat Intelligence
Microsoft tracks more than 78 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's cyberthreats.
-337257-?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1920&qlt=85 "Microsoft Defender Threat Intelligence | Microsoft Security (13)")
Microsoft Defender Threat Intelligence (MDTI)containsa repository of raw and finished Microsoftthreat intelligence.This intelligence helps professionals analyze and act upon the trillions of security signalscollected by Microsoft and processed by security experts and machine learning. Powerful finished intelligence provides the latest on cyberthreat actors and their tools, tactics, and procedures. Unique security data sets show the infrastructure connections across the global cyberthreat landscape to uncover an organization’s vulnerabilities and enable teams to investigate the tools and systems used in cyberattacks. Defender Threat Intelligence complements the Microsoft Security suite and enhances SIEM, XDR, and AI solutions with powerfulthreatintelligencecontext.
More about the diagram
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal Microsoft Defender XDR Microsoft Sentinel
Unified portal
Detect and disrupt cyberthreats in near real time and streamline investigation and response.
Learn more about Microsoft unified XDR and SIEM
Explore Defender Threat Intelligence licenses
Defender Threat Intelligence—standard version
Use this free version of Defender Threat Intelligence to address global cyberthreats.
-
Free version includes:
-
Public indicators of compromise (IOCs)
-
Open-source intelligence (OSINT)
-
Common vulnerabilities and exposures (CVEs) database
-
Articles and analysis from Microsoft Threat Intelligence (limited1)
-
Defender Threat Intelligence datasets (limited2)
-
Intelligence Profiles (limited3)
Defender Threat Intelligence—premium version
Get full access to the operational, strategic, and tactical intelligence in the Defender Threat Intelligence content library and investigative workbench.
-
Premium version includes:
-
Public indicators of compromise (IOCs)
-
Open-source intelligence (OSINT)
-
Common vulnerabilities and exposures (CVEs) database
-
Articles and analysis from Microsoft Threat Intelligence
-
Defender Threat Intelligence datasets
-
Intelligence Profiles
-
Microsoft IOCs
-
Microsoft-enriched OSINT
-
URL and file intelligence
Related products
Use best-in-class Microsoft security products to help prevent and detect cyberattacks across your organization.
Learn more
Microsoft Sentinel
See and stop cyberthreats across your entire enterprise with intelligent security analytics.
Learn more
Microsoft Defender for Cloud
Increase protection in your multicloud and hybrid environments.
Learn more
Microsoft Defender External Attack Surface Management
Understand your security posture beyond the firewall.
Learn more
Additional resources
Announcement
Read the threat intelligence blog
Learn about the new threat intelligence offerings from Microsoft.
Learn more
Infographic
Help protect your business with threat intelligence
Learn how to use internet threat intelligence to protect your organization against cyberattacks.
Learn more
Documentation
Best practices and implementation
Get started with threat intelligence solutions for your organization today.
Learn more
Blog
Visit the Microsoft Defender Threat Intelligence blog
Learn from Defender Threat Intelligence experts, see what's new, and let us hear from you.
Learn more
Protect everything
Make your future more secure. Explore your security options today.
Contact Sales
