Microsoft opens up Defender threat intel library with file hash, URL search
Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot.
"Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address," Redmond wrote earlier about Defender Threat Intelligence, aka Defender TI. "DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise, but these repositories are widely distributed and don't always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure."
Defender Threat Intelligence, we note, can perform static and dynamic analysis of files and URLs, both within Microsoft's environment and outside of it.
With the added search capability, researchers can put a hash value for a file, or a URL to a file, into the search bar, and Microsoft's system will return whatever threat intelligence it holds, or can ascertain through analysis, about that particular data. The results are displayed under the Summary tab, which includes the document's reputation score and basic information.
"This provides a straightforward way to obtain insights about the file hash or URL and any associated links to intelligence articles where the file hash or URL has been listed as an Indicator of Compromise," Mercer described, adding that the new capability has been a "Top customer-requested feature."
Microsoft launched Defender Threat Intelligence, along with Defender External Attack Surface Management, in August, with both platforms including technology from cybersecurity firm RiskIQ, which Redmond bought a year earlier for $500 million.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/18/microsoft_threat_intelligence_search/