#mdti

2024-02-09

๐‡๐จ๐ฐ ๐Œ๐ƒ๐“๐ˆ ๐‡๐ž๐ฅ๐ฉ๐ฌ ๐๐จ๐ฐ๐ž๐ซ ๐‚๐จ๐ฉ๐ข๐ฅ๐จ๐ญ ๐Ÿ๐จ๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ

A critical aspect of any security analyst's work is keeping up to date with the latest developments in the threat landscape. Copilot for Security allows users to make simple requests known as prompts to learn about threat actors, tools, indicators of compromise (IoCs), and threat intelligence related to their organization's security incidents and alerts.

Below, are three important scenarios the MDTI plugin on Copilot for Security helps teams with:

โœ”The Reactive approach

โžก Emphasizes investigations and enhancing threat intelligence enrichment and additional context for the entities involved in the incident.

โœ”The Proactive approach

โžกEmphasizing the ability to detect and address threats targeting organizations like mine. It uses threat intelligence to prioritize incidents, trace possible intrusions, and expedite mitigation of misconfigurations and vulnerable software, while simultaneously assessing the organization's impact and posture against specific threats.

โœ”Keeping up with the latest threat intelligence Trends

โžกDetecting emerging threats by analyzing articles and trends, and subsequently disseminating relevant threat data.

techcommunity.microsoft.com/t5

#copilot #copilotforsecurity #securitycopilot #microsoftsecurity #microsoft #azure #cyber #cybersecurity #threatintellitence #ti #mdti #defender #defenderthreatintelligence #soc #investigation #cloudsecurity #ai #genai #generativeai #azureopenai #openai

2023-10-15

๐—จ๐—ป๐—น๐—ผ๐—ฐ๐—ธ๐—ถ๐—ป๐—ด ๐˜๐—ต๐—ฒ ๐—ฃ๐—ผ๐˜„๐—ฒ๐—ฟ ๐—ผ๐—ณ ๐—–๐˜†๐—ฏ๐—ฒ๐—ฟ ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—œ๐—ป๐˜๐—ฒ๐—น๐—น๐—ถ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ ๐˜„๐—ถ๐˜๐—ต ๐—”๐˜‡๐˜‚๐—ฟ๐—ฒ ๐—ข๐—ฝ๐—ฒ๐—ป๐—”๐—œ ๐—ฎ๐—ป๐—ฑ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—œ๐—ป๐˜๐—ฒ๐—น๐—น๐—ถ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ

I'm excited to share my recent side project! ๐Ÿ’ปโœจ

I've been exploring the incredible potential of a simple web app for engaging in conversations with threat intelligence data. In my case, I harnessed the power of Microsoft Defender Threat Intelligence.

All the details are in the following blog post:

medium.com/@antonio.formato/ch

I'd love to hear your thoughts and feedback.

This project has been an eye-opener for me, demonstrating how Generative AI can be a game-changer in the realm of cybersecurity. I hope it serves as a valuable starting point for other innovative applications in the cybersecurity space.

Let's connect and discuss how technology can empower us in the ever-evolving world of cybersecurity. ๐ŸŒ๐Ÿ›ก๏ธ

#azure #azureopenai #llm #chatbot #threatintelligence #ti #microsoft #microsoftdefenderthreatintelligence #mdti #cyber #cybersecurity #soc #threatactors #threatanalysis #ttp #ioc #securityanalyst #microsoftsecurity #largelanguagemodel #gpt4 #azurelogicapps #logicapps #cognitiveservices #dev #chat

2023-08-24

Today, I refreshed my understanding of ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—œ๐—ป๐˜๐—ฒ๐—น๐—น๐—ถ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ and completed the knowledge check.

I highly recommend everyone to explore the Microsoft Defender Threat Intelligence Ninja Training โ€“ it's incredibly useful and informative!

techcommunity.microsoft.com/t5

#microsoft #MicrosoftDefenderThreatIntelligence #threatintelligence #mdti #azure #soc #cybersecurity #learning #learningtime

2023-08-22

๐—œ๐—ป๐˜๐—ฒ๐—ด๐—ฟ๐—ฎ๐˜๐—ถ๐—ป๐—ด ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—˜๐˜…๐˜๐—ฒ๐—ฟ๐—ป๐—ฎ๐—น ๐—”๐˜๐˜๐—ฎ๐—ฐ๐—ธ ๐—ฆ๐˜‚๐—ฟ๐—ณ๐—ฎ๐—ฐ๐—ฒ ๐— ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜ ๐˜„๐—ถ๐˜๐—ต ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—œ๐—ป๐˜๐—ฒ๐—น๐—น๐—ถ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ

Integration's core goal? Promptly alert you via email if any MDTI insights demand immediate attention.

Here's how it works:

1. Cross-Referencing Domains: Leverage the power of MDEASM by cross-referencing all discovered domains with MDTI articles.

2. Keyword Extraction: Extract keywords from MDEASM's domains and cross-check them with MDTI's database. Even if specific domains aren't mentioned, research might hint at your organization's presence on threat actors' radar.

3. Threat Actor Analysis: Elevate your response by examining the gathered data against Intel Profiles. If a domain or keyword aligns with known threat actors, red flags are waving high.

4. Reputation Check: checking the domains against the transparent reputation score in MDTI. If there is a score then it could be that the your organization has been targeted already or that there is some reputational damage should be rectified urgently

#Cybersecurity #ThreatIntelligence #azure #defender #easm #ti #mdeasm #mdti #cloud #cloudsecurity #xdr #soc #ioc

techcommunity.microsoft.com/t5

2023-05-10

I had change to deploy "Defender TI Intel Reporting Dashboard and Workbook".

Really useful and well done.

his dashboard provides a user-friendly interface that enables organizations to easily access and analyze threat intelligence data.

I really suggest to have a look at: techcommunity.microsoft.com/t5

Link to deploy: github.com/Azure/MDTI-Solution

Thanks for sharing, Yaniv Shasha

#threatintelligence #defenderthreatintelligence #mdti #microsoftsecurity #microsoft #azure #sentinel #microsoftsentinel #api #workbook #reporting #ioc #soc #threathunting #intelligence #ti #azure #cloudsecurity #cve #vulnerabilities #siem #soar #cloudnative #cloud

rodtrent :verified:rodtrent@infosec.exchange
2023-03-29

Once you have the MDTI Connector and Solution working, this will show the TI only from the MDTI connector rodtrent.com/w2w

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #MicrosoftDefender #MDTI #MustLearnKQL #KQL

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst