Strengthen your Zero Trust posture—a new, unified approach to security is here.
Microsoft Defender Threat Intelligence
Unmask and neutralize modern adversaries and cyberthreats such as ransomware.
Uncover your adversaries
Expose and eliminate modern cyberthreats and their infrastructure using dynamic threat intelligence.
Identify cyberattackers and their tools
Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet.
Accelerate cyberthreat detection and remediation
Discover the full scope of a cyberattack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.
Enhance your security tools and workflows
Extend the reach and visibility of your existing security investments. Gain more context and understanding of cyberthreats with Microsoft Defender XDR, Microsoft Sentinel, and Copilot for Security.
Microsoft Defender Threat Intelligence
Learn how Defender Threat Intelligence enables security professionals to directly access, ingest, and act upon our powerful repository of threat intelligence built from 78 trillion signals and more than 10,000 multidisciplinary experts worldwide.
Capabilities
Uncover and help eliminate cyberthreats with Defender Threat Intelligence.
Get continuous threat intelligence
Get a complete view of the internet and track day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.
Expose adversaries and their methods
Understand the group behind an online attack, their methods, and how they typically operate.
Enhance alert investigations
Enrich Microsoft Sentinel and Defender XDR incident data with finished and raw threat intelligence to understand and uncover the full scale of a cyberthreat or cyberattack.
Accelerate incident response
Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by a cyberattacker or cyberthreat family.
Hunt cyberthreats as a team
Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of cyberthreat actors, tooling, and infrastructure with projects and intelligence profiles.
Expand prevention and improve security posture
Automatically uncover malicious entities and help stop outside cyberthreats by blocking internal resources from accessing dangerous internet resources.
File and URL (detonation) intelligence
Submit a file or URL to instantly know its reputation. Enrich security incidents with in-context threat intelligence.
Microsoft Security Copilot is now generally available
Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.
How to use Microsoft Defender Threat Intelligence
Microsoft tracks more than 78 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's cyberthreats.
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal
Detect and disrupt cyberthreats in near-real time and streamline investigation and response.
Microsoft Defender XDR
Achieve unified security and visibility across your clouds, platforms, and endpoints.
Microsoft Sentinel
Aggregate security data and correlate alerts from virtually any source with cloud-native SIEM.
Explore Defender Threat Intelligence licenses
Defender Threat Intelligence—standard version
Use this free version of Defender Threat Intelligence to address global cyberthreats.
Defender Threat Intelligence—premium version
Get full access to the operational, strategic, and tactical intelligence in the Defender Threat Intelligence content library and investigative workbench.
Premium version includes:
-
Public indicators of compromise (IOCs)
-
Open-source intelligence (OSINT)
-
Common vulnerabilities and exposures (CVEs) database
-
Articles and analysis from Microsoft Threat Intelligence
-
Defender Threat Intelligence datasets
-
Intelligence Profiles
-
Microsoft IOCs
-
Microsoft-enriched OSINT
-
URL and file intelligence
Related products
Use best-in-class Microsoft security products to help prevent and detect cyberattacks across your organization.
Microsoft Sentinel
See and stop cyberthreats across your entire enterprise with intelligent security analytics.
Microsoft Defender for Cloud
Increase protection in your multicloud and hybrid environments.
Microsoft Defender External Attack Surface Management
Understand your security posture beyond the firewall.
Additional resources
Read the threat intelligence blog
Learn about the new threat intelligence offerings from Microsoft.
Help protect your business with threat intelligence
Learn how to use internet threat intelligence to protect your organization against cyberattacks.
Best practices and implementation
Get started with threat intelligence solutions for your organization today.
Visit the Microsoft Defender Threat Intelligence blog
Learn from Defender Threat Intelligence experts, see what's new, and let us hear from you.
Follow Microsoft Security