Kaspersky and Microsoft partner to deliver Threat Intelligence to Microsoft Sentinel users

August 2022 by Marc Jacob

Kaspersky Threat Data Feeds are now integrated with Microsoft Sentinel, a cloud-native SIEM and SOAR solution, to give Microsoft Sentinel users actionable context for attack investigation and response. With this integration, enterprise security teams can extend cyberthreat detection capabilities and increase the effectiveness of initial alert triage, threat hunting or incident response.

According to IDC, "Threat intelligence is a foundational component of a modern cybersecurity program… Threat intelligence programs provide both qualitative assessments of the field and actionable, automated solutions that bolster existing security defenses". For businesses, it is also important to smoothly incorporate TI with their security operations for the most effective protection from cyberthreats.

Access to Kaspersky TI through Microsoft Sentinel empowers enterprises with the latest insights to counter cyberattacks. Actionable context in feeds includes threat names, timestamps, geolocation, resolved IP addresses of infected web resources, hashes, popularity or other search terms. With this data, security teams or SOC analysts can accelerate the initial alert triage by making informed decisions for investigation or escalation to an incident response team.

Kaspersky Threat Data Feeds are generated automatically in real time and aggregate high-quality data from multiple reliable sources around the world. These include the Kaspersky Security Network covering millions of voluntary participants globally[1], the Botnet Monitoring service, spam traps, plus world-renowned Kaspersky experts from the GReAT and R&D teams. All the data is carefully inspected and refined with dedicated pre-processing techniques.

Microsoft Sentinel uses the TAXII protocol and receives data feeds in STIX format, so Kaspersky Threat Data Feeds can be configured as a TAXII Threat Intelligence source in the interface. Once the data is imported, cybersecurity teams can use out-of-the-box analytic rules to match threat indicators from the feeds with logs.

