Microsoft has added new functionality to its Defender Threat Intelligence (Defender TI) platform, which should give security researchers more options for aggregating information when investigating network breaches and other security incidents. The underlying database is now searchable by file hash and URL: researchers can enter the hash value of a file, or a URL, in the search bar. The system then indicates which threat intelligence mentions it, or what can be determined about it from an analysis of the relevant data. The result is presented in the Summary tab, including its reputation score and basic information, with more details available in the Data tab.
Launched last year, Defender TI brings together information about malware and other malicious developments from a variety of scattered dynamic and static information streams, such as DNS data, WHOIS information, malware and SSL certificates. This information is stored in the Microsoft Threat Intelligence Defender database, giving security experts a single environment in which to analyze all this data.