Microsoft has begun to open source its COVID-19 threat intelligence feeds to help organizations better protect themselves from coronavirus-related cybersecurity threats. Since the pandemic began, businesses have seen a spike in attacks as more employees transition into home offices.
The company collects threat data by processing trillions of signals each day across identities, cloud, endpoints, applications, and email, which enables visibility into COVID-19 attacks, its threat intelligence team states in a blog post. Now Microsoft is making these indicators of compromise available via Azure Sentinel GitHub and the Microsoft Graph Security API. For enterprises that use MISP for storing threat data, indicators can be consumed via the MISP feed.
This decision will bring Microsoft's threat data to the broader security community so security pros can learn how attackers' techniques are changing, how to spot malicious activity, and how they can enable custom threat hunting. Microsoft Threat Protection customers are already protected against these threats via Microsoft Defender ATP and email with Office 365 ATP.
Microsoft says this is a time-limited feed that will be maintained through the peak of the outbreak so businesses can focus on recovery.
Read more details in the full post here.