
What’s New: Defender TI Intel Reporting Dashboard and Workbook

This post has been republished via RSS; it originally appeared at Microsoft Tech Community - Latest Blogs.

Strategic threat intelligence involves gathering and analyzing information to identify potential threats to an organization's security. This proactive approach helps companies anticipate and mitigate potential security risks. Reporting plays a crucial role in strategic threat intelligence by providing insights and data-driven recommendations to decision-makers. Threat intelligence reports are designed to deliver accurate and actionable information, enabling organizations to take appropriate measures to protect against potential threats.


In this blog post, we are excited to announce the launch of a new dashboard that enhances Microsoft's threat intelligence reporting capabilities. The dashboard provides a user-friendly interface that lets organizations access and analyze Defender TI data in one place, so decision-makers can make informed choices to strengthen their security posture. In this post, we walk through the features of the dashboard and the benefits of each of the intelligence reporting views it enables.


Deploying the Solution


Before beginning the installation process, it's crucial to confirm that you have met the following prerequisites:



The above solution will deploy these resources into the target resource group:



To install the solution, navigate to the GitHub repository and press Deploy to Azure. In the Custom deployment screen, be sure to enter the client ID and app secret of the app registration you created as a prerequisite; the deployment stores these values in an Azure Key Vault. Treat the app secret as a credential: anyone who can read it from the vault can call the API on the app's behalf.


Workbook Configuration


After installation, navigate to the resource group into which you deployed the solution and copy the name of the Azure Function app.



Open the workbook and, in the “Deployed-AzureFunction” parameter, select the name you copied in step one.




To set up the Defender TI Sentinel Incident View tab, choose the subscription and workspace of your Microsoft Sentinel instance. Although the remaining tabs of this workbook do not depend on Sentinel data, you must still select a workspace in this tab for the workbook to load.


How to use the Workbook


The workbook gives SOC analysts, threat hunters, and SOC operators a 360-degree view of adversaries and helps them identify the underlying infrastructure those adversaries use.


The workbook provides the following views:




Sentinel Incident View


This view combines the indicators of compromise (IOCs) obtained from the various Defender TI feeds, curates the alerts and incidents raised by the Defender TI analytics engine, and plots the geographic location of some of these IOCs on a map. Consolidating the data in one place gives analysts a comprehensive overview of the spatial distribution of the IOCs seen in Microsoft Sentinel and supports the threat detection work of the Defender TI analytics engine.
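The consolidation step this view performs is worth seeing in code, because IOCs from different feeds rarely arrive in the same shape: one feed writes `198.51.100[.]7`, another `hxxp://`, a third mixes case. The following Python is an added example written for this post, not code from the Defender TI workbook or from Microsoft. It normalizes (refangs) indicators from several constructed feeds, classifies them by type, merges duplicates while keeping track of which feeds reported each one, and then matches them against constructed Sentinel-style incident entities. Feed names, indicators and incident identifiers are all constructed sample data.

```python
"""Consolidate IOCs from several feeds and match them against incident entities.

Added example; not code from the Defender TI workbook. Feed names, indicators
and incident entities below are constructed sample data.
"""
from __future__ import annotations

import ipaddress
import re

# MD5 / SHA-1 / SHA-256 hex digests, and a permissive DNS hostname.
_HASH_RE = re.compile(r"^[0-9a-f]{32}$|^[0-9a-f]{40}$|^[0-9a-f]{64}$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def refang(raw: str) -> str:
    """Undo common defanging so indicators from different feeds compare equal."""
    s = raw.strip().lower()
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("xx", "tt"), s)
    s = s.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".").replace("[:]", ":")
    return s


def classify(value: str) -> str | None:
    """Return the indicator type, or None if the value is not a usable IOC."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if value.startswith(("http://", "https://")):
        return "url"
    if _HASH_RE.match(value):
        return "hash"
    if _DOMAIN_RE.match(value):
        return "domain"
    return None


def consolidate(feeds: dict[str, list[str]]) -> dict[str, dict]:
    """Merge feeds into one table keyed by normalized indicator.

    Each entry records the IOC type and the set of feeds that reported it, so an
    indicator seen by several feeds can be weighted higher than a singleton."""
    table: dict[str, dict] = {}
    for feed, values in feeds.items():
        for raw in values:
            value = refang(raw)
            kind = classify(value)
            if kind is None:
                continue  # malformed or non-indicator line: skip it, do not guess
            entry = table.setdefault(value, {"type": kind, "feeds": set()})
            entry["feeds"].add(feed)
    return table


def match_incidents(table: dict[str, dict], incidents: list[dict]) -> list[dict]:
    """Join incident entities to the consolidated IOC table (same normalization)."""
    hits = []
    for inc in incidents:
        for entity in inc["entities"]:
            key = refang(entity)
            if key in table:
                hits.append({
                    "incident": inc["id"],
                    "ioc": key,
                    "type": table[key]["type"],
                    "feeds": sorted(table[key]["feeds"]),
                })
    return hits


# Constructed sample feeds: the same indicators appear defanged differently.
SAMPLE_FEEDS = {
    "feed-a": ["198.51.100.7", "hxxp://malicious.example[.]com/payload", "Malicious.Example[.]com"],
    "feed-b": ["198.51.100[.]7", "malicious(.)example(.)com", "d41d8cd98f00b204e9800998ecf8427e"],
    "feed-c": ["not an indicator", "203.0.113.9"],
}

# Constructed sample incidents with the entities an analyst would see in Sentinel.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "entities": ["198.51.100.7", "workstation-17"]},
    {"id": "INC-2", "entities": ["MALICIOUS.EXAMPLE.COM"]},
    {"id": "INC-3", "entities": ["192.0.2.44"]},
]

if __name__ == "__main__":
    table = consolidate(SAMPLE_FEEDS)
    for ioc, entry in sorted(table.items()):
        print(f'{entry["type"]:<6} {ioc:<40} feeds={sorted(entry["feeds"])}')
    for hit in match_incidents(table, SAMPLE_INCIDENTS):
        print(hit)
```

Two design points carry over to any real consolidation: normalize the incident entities with exactly the same function as the feed data, otherwise a case or defanging difference silently drops a match; and keep the set of reporting feeds per indicator rather than a bare deduplicated list, since corroboration across feeds is the cheapest confidence signal an analyst has.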





Figure: Sentinel Incident View on the Defender TI workbook


Hostname Information


The Hostname Information tab in the Defender TI workbook provides the following functions:






Figure: Hostname Information tab on the Defender TI workbook



IP Information


The IP Information tab in the Defender TI workbook provides the following functions:






Figure: IP Information tab on the Defender TI workbook



Defender TI Articles


Defender TI articles help security professionals understand the latest cyber threats and take proactive measures to protect their systems. The Articles view in the workbook lists the Defender TI articles and lets you drill into each article's indicators and details. Using the search-by-article-ID option, users can explore a single article in depth and pivot through related articles by searching for specific case scenarios, industries, countries, and more.





Figure: Defender TI Articles view within the Defender TI workbook


Vulnerabilities Information


Using CVE (Common Vulnerabilities and Exposures) identifiers, you can hunt for threats by detecting vulnerable systems or network components, assessing the severity of each vulnerability with the CVSS framework, ranking them by risk, and mitigating them to reduce the likelihood of exploitation. Note that a CVSS base score rates the flaw in isolation; a ranking that is useful for prioritization should also weigh how exposed the affected components are in your environment. The tab also identifies the infrastructure components associated with the searched CVE.





Figure: Vulnerabilities Information tab within the Defender TI workbook



Intel Profiles


Intel Profiles are a single, reliable source of information in Defender TI that security operations teams can use to gain instant insight into the threat ecosystem, including pertinent details about vulnerabilities, threat actors, and the infrastructure used in attacks.






Figure: Intel Profiles tab on the Defender TI workbook


Sign Up for a Trial



Defender TI Support


For any support-related issues regarding Microsoft Defender Threat Intelligence, please access the support portal and select Security -> Microsoft Defender Threat Intelligence.


We Want to Hear from You!


Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how Defender TI is helping your team stay on top of threats. With an open dialogue, we can create a safer internet together. Learn more about Defender TI and try it today.

