Microsoft Defender Threat Intelligence

Help protect your organization from modern adversaries and threats like ransomware.

Three people working together at a desk.

Uncover your adversaries

Help eliminate modern threats and their infrastructure with dynamic threat intelligence.

Identify attackers and their tools

Understand how your online connections work and identify your potential threat exposures with a complete map of the internet.

Accelerate detection and remediation

Discover the full scope of an attack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block a single IP address or domain.

Enhance your security tools and workflows

Extend the reach and visibility of your existing security investments. Use the raw cyberthreat intelligence of effective security tools to gain more context and understand threats more deeply.

Microsoft Defender Threat Intelligence

Gain an unparalleled view of the ever-changing threat landscape. Defender Threat Intelligence maps the entire internet to expose threat actors and their infrastructure. Get the cyberthreat intelligence you need to block an entire attack and keep your organization safe from complex threats like ransomware.

Capabilities

Uncover and help eliminate threats with Defender Threat Intelligence.

A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous threat intelligence

Scan the internet to create a complete picture of day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.

A document titled Risk IQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence.

Expose adversaries and their methods

Understand the group behind an online attack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Combine Microsoft Sentinel and Microsoft 365 Defender incident data with external threat intelligence to uncover the full scale of a threat or attack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove a single malicious IP or domain and all the known entities and resources operated by an attacker or threat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt threats as a team

Easily collaborate on investigations across global teams using the Defender Threat Intelligence workbench. Share insights across the organization.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Export lists of malicious entities, IPs, and domains. Block internal resources from accessing dangerous internet resources and help stop outside threats.

A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous threat intelligence

Scan the internet to create a complete picture of day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.

A document titled Risk IQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence.

Expose adversaries and their methods

Understand the group behind an online attack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Combine Microsoft Sentinel and Microsoft 365 Defender incident data with external threat intelligence to uncover the full scale of a threat or attack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove a single malicious IP or domain and all the known entities and resources operated by an attacker or threat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt threats as a team

Easily collaborate on investigations across global teams using the Defender Threat Intelligence workbench. Share insights across the organization.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Export lists of malicious entities, IPs, and domains. Block internal resources from accessing dangerous internet resources and help stop outside threats.

How Microsoft Defender Threat Intelligence works

Microsoft tracks over 24 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's threats.

Integrated threat protection with SIEM and XDR

Microsoft empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Combine security information and event management (SIEM) and extended detection and response (XDR) to increase efficiency and effectiveness while securing your digital estate.

Microsoft 365 Defender

Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

An overview dashboard in Microsoft 365 Defender showing active threats, active incidents, users at risk, devices at risk and more.

Microsoft 365 Defender

Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

Related products

Use best-in-class Microsoft security products to help prevent and detect attacks across your organization.

Additional resources

Protect everything

Make your future more secure. Explore your security options today.

Microsoft Defender Threat Intelligence is a complete threat intelligence platform. It helps security professionals analyze and act upon signals collected from the internet by a global collection network and processed by security experts and machine learning. These data sets show the infrastructure connections across the global threat landscape, uncovering an organization’s external attack surface and enabling teams to investigate the tools and systems used to attack it. Defender Threat Intelligence provides external context for internal security incidents via SIEM and XDR capabilities in Microsoft Sentinel and Microsoft 365 Defender.