Entity enrichments with threat intelligence
Why it matters: In preview
What to do: Enrichments include reputation scores, attributed threat reports, infrastructure relationships, and sandbox analysis, eliminating the need to switch between separate tools during investigations.
Entity enrichments with threat intelligence: Entity pages for IP addresses, domains, URLs, and files now include a Threat Intelligence Insights tab that surfaces enrichment data from Microsoft Threat Intelligence directly in the investigation workflow. Enrichments include reputation scores, attributed threat reports, infrastructure relationships, and sandbox analysis, eliminating the need to switch between separate tools during investigations. For more information, see View threat intelligence in entity pages.
Affected: Microsoft Defender XDR