• Last Updated
    Sep 30, 2025
  • Version
    1.3.2
  • Compatibility
    ThreatQ >= v5.10.0
  • ThreatQ CDF for Microsoft Defender

    ThreatQuotient

    Overview

    The ThreatQ CDF for Microsoft Defender integration automatically ingests incidents, alerts, reports, and related context from your Microsoft Defender portal into ThreatQ.

    The integration provides the following endpoints:

    • Microsoft Defender XDR Incidents - ingests assets, events, indicators, and malware.
    • Microsoft Defender Threat Intelligence Articles - ingests reports, indicators, attack patterns and vulnerabilities.
    • Microsoft Defender Threat Intelligence Intel Profiles - ingests adversaries, tools, reports and indicators.

    The integration ingests the following system objects:

    • Adversaries
    • Attack Patterns
    • Assets
      • Asset Attributes
    • Events
      • Event Attributes
    • Indicators
      • Indicator Attributes
    • Malware
    • Reports
    • Tags
    • Tools
    • Vulnerabilities

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.