This is the Trace Id: ecffa0a365961810394ef8d5f59e8981
Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Education Automotive Financial services Government Healthcare Manufacturing Retail Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Strengthen your Zero Trust posture—a new, unified approach to security is here

Read the blog

Microsoft Defender Threat Intelligence

Unmask and neutralize modern adversaries and cyberthreats such as ransomware.

Contact Sales
Contact Sales to start a free trial or explore licensing options.
Three people working together at a desk.

Uncover your adversaries

Expose and eliminate modern cyberthreats and their infrastructure using dynamic threat intelligence.

Identify cyberattackers and their tools

Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet.

Accelerate cyberthreat detection and remediation

Discover the full scope of a cyberattack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.

Enhance your security tools and workflows

Extend the reach and visibility of your existing security investments. Gain more context and understanding of cyberthreats with Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Security Copilot.

Microsoft Defender Threat Intelligence

Learn how Defender Threat Intelligence enables security professionals to directly access, ingest, and act upon our powerful repository of threat intelligence built from 78 trillion signals and more than 10,000 multidisciplinary experts worldwide.

Watch the video
Video container

Capabilities

Uncover and help eliminate cyberthreats with Defender Threat Intelligence. 

Get continuous threat intelligence Expose adversaries and their methods Enhance alert investigations Accelerate incident response Hunt cyberthreats as a team Expand prevention and improve security posture File and URL (detonation) intelligence
A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous threat intelligence

Get a complete view of the internet and track day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.

A document titled RiskIQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence

Expose adversaries and their methods

Understand the group behind an online attack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Enrich Microsoft Sentinel and Defender XDR incident data with finished and raw threat intelligence to understand and uncover the full scale of a cyberthreat or cyberattack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by a cyberattacker or cyberthreat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt cyberthreats as a team

Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of cyberthreat actors, tooling, and infrastructure with projects and intelligence profiles.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Automatically uncover malicious entities and help stop outside cyberthreats by blocking internal resources from accessing dangerous internet resources.

Screenshot of detonation analysis

File and URL (detonation) intelligence

Submit a file or URL to instantly know its reputation. Enrich security incidents with in-context threat intelligence.

Back to tabs

Microsoft Security Copilot is now generally available

Use natural language queries to investigate incidents with Copilot, now with integrations across the Microsoft Security suite of products.

Read the announcement Learn more about Copilot

How to use Microsoft Defender Threat Intelligence

Microsoft tracks more than 78 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's cyberthreats.

A diagram showing how Defender Threat Intelligence works through advanced internet reconnaissance, analysis, and dynamic threat intelligence and how it’s made available to customers.

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Animation of microsoft defender dashboard homepage

Unified portal

Detect and disrupt cyberthreats in near-real time and streamline investigation and response.

Learn more about Microsoft unified XDR and SIEM
Back to tabs

Explore Defender Threat Intelligence licenses

Defender Threat Intelligence—standard version

Use this free version of Defender Threat Intelligence to address global cyberthreats.

Free version includes:

  • Public indicators of compromise (IOCs)

  • Open-source intelligence (OSINT)

  • Common vulnerabilities and exposures (CVEs) database

  • Articles and analysis from Microsoft Threat Intelligence (limited1)

  • Defender Threat Intelligence datasets (limited2)

  • Intelligence Profiles (limited3)

Defender Threat Intelligence—premium version

Get full access to the operational, strategic, and tactical intelligence in the Defender Threat Intelligence content library and investigative workbench. 

Premium version includes:

  • Public indicators of compromise (IOCs)

  • Open-source intelligence (OSINT)

  • Common vulnerabilities and exposures (CVEs) database

  • Articles and analysis from Microsoft Threat Intelligence 

  • Defender Threat Intelligence datasets

  • Intelligence Profiles

  • Microsoft IOCs

  • Microsoft-enriched OSINT

  • URL and file intelligence

Related products

Use best-in-class Microsoft security products to help prevent and detect cyberattacks across your organization.

Learn more
A person having a conversation at their desk.

Microsoft Sentinel

See and stop cyberthreats across your entire enterprise with intelligent security analytics.

Learn more
A person sitting at their desk typing on a laptop connected to a desktop monitor.

Microsoft Defender for Cloud

Increase protection in your multicloud and hybrid environments.

Learn more
A person working at their desk across two monitors.

Microsoft Defender External Attack Surface Management

Understand your security posture beyond the firewall.

Learn more

Additional resources

Announcement

Read the threat intelligence blog

Learn about the new threat intelligence offerings from Microsoft.

Learn more
Infographic

Help protect your business with threat intelligence

Learn how to use internet threat intelligence to protect your organization against cyberattacks.

Learn more
Documentation

Best practices and implementation

Get started with threat intelligence solutions for your organization today.

Learn more
Blog

Visit the Microsoft Defender Threat Intelligence blog

Learn from Defender Threat Intelligence experts, see what's new, and let us hear from you.

Learn more

Protect everything

Make your future more secure. Explore your security options today.

  • [1] Get OSINT and access select featured articles.
  • [2] Get the most recent two weeks of select datasets.
  • [3] Preview select Intel Profiles.

Follow Microsoft Security

Copilot for organizations Copilot for personal use Microsoft 365 Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store Support Returns Order tracking Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education Office Education Educator training and development Deals for students and parents Azure for students
Microsoft AI Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Advertising Microsoft 365 Copilot Microsoft Teams Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Microsoft Power Platform Marketplace Rewards Visual Studio Careers Privacy at Microsoft Investors Sustainability
English (South Africa)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Contact Microsoft Privacy Manage cookies Terms of use Trademarks About our ads