For Sentinel – The MDTI data connector and MDTI matching analytics (both part of the Threat Intelligence solution in Content hub) are free of cost. Neither require any kind of premium MDTI license.
The MDTI playbooks (part of the MDTI solution in Content hub) does require premium MDTI license. These playbooks are used to enrich entities within an incident in Sentinel.
Hi Rod,
Are there any cost when you enable this?
Best regards
Free to install. There will be some underlying costs for the Playbooks to run, but that's the standard Logic App cost - which is minimal.
This websites says otherwise:
https://techcommunity.microsoft.com/t5/microsoft-defender-threat/what-s-new-mdti-microsoft-sentinel-playbooks/ba-p/3780096 and https://techcommunity.microsoft.com/t5/microsoft-defender-threat/what-s-new-apis-in-microsoft-graph/ba-p/3780350
We need to have a paid license of Microsoft Defender Threat Intelligence which cost € 3.900 per month (see: https://jeffreyappel.nl/how-works-microsoft-defender-threat-intelligence-defender-ti-and-what-is-the-difference-between-free-and-paid/)
Is that correct?
There's been additional discussion around this. Let me find the thread.
To clarify...
For Sentinel – The MDTI data connector and MDTI matching analytics (both part of the Threat Intelligence solution in Content hub) are free of cost. Neither require any kind of premium MDTI license.
The MDTI playbooks (part of the MDTI solution in Content hub) does require premium MDTI license. These playbooks are used to enrich entities within an incident in Sentinel.
Thanks for clarifying.
The connector is already inplace and i only have to do this. https://learn.microsoft.com/en-us/azure/sentinel/use-matching-analytics-to-detect-threats
Hope i can use the playbooks in the future ;-). Is there special price for Non Profit organisations like Healthcare?