of false positive alerts resolved for you, tuning recommendations, and true threats clustered for efficient response
of alerts deeply investigated automatically, with actionable recommendations for every alert
the cost of traditional outsource SOC providers, with easy setup to save your team from time-consuming tasks
For SOC teams, too much time is consumed by manual triage and by investigating new incidents. See how Intezer ensures every endpoint alert gets investigated, lets you tune out false positives, frees time for proactive threat hunting, and keeps real threats from being missed.
The integration is easy to set up: in Microsoft Defender, generate an API key with the specific permissions the integration requires, then enter that API key into Intezer. As with any integration credential, grant the key only the permissions it needs and rotate it on the same schedule as your other service credentials. No new agents are installed on endpoints and no engineering work is required. Within minutes, your Intezer dashboard populates with analysis results for the alerts investigated from Microsoft Defender, and Intezer's assessment notes and recommendations are pushed back to Microsoft Defender.
Intezer's technology replaces the need for outsourced managed detection and response (MDR) services that perform Tier 1 SOC alert triage and response. Intezer delivers alert triage and analysis results you can trust using automated technology, without the high cost and human error of SOC services that rely on analysts for triage and analysis. This lets you eliminate escalation of false positives, ensure every alert gets investigated, reduce alert response time, and begin response with the answers you need already on hand. With Intezer there are no overlooked alerts, there is less noise, and it does not drain the budget.
At a high level, Intezer monitors alerts from Microsoft Defender and collects their artifacts (files, URLs, etc.) to scan and analyze for malicious code or techniques. Triaged alerts are grouped by verdict (such as confirmed malicious or false positive) and threats are clustered for quick response. Intezer combines established analysis methods (such as sandboxing to observe behavior) with proprietary code analysis technology to provide detailed, transparent results.
Intezer's alert triage results include a verdict, threat classification, clear recommendations, extracted indicators of compromise (IOCs), tactics and techniques mapped to MITRE ATT&CK, and more. Intezer's full investigation results for every artifact are transparent and available to review for each alert, including confirmed threats and false positive alerts, unlike the results provided by many MDR services. We don't hide anything from your team.
Intezer provides a live endpoint scanning tool that you can launch from Microsoft Defender to scan a suspicious endpoint for traces of fileless and packed malware, malicious code injection, or any unrecognized code. If a live endpoint is not available, Intezer also includes a tool for scanning and analyzing a memory dump.