ESET Threat Intelligence data feeds join the hunt with Microsoft Sentinel integration

Next story

ESET Threat Intelligence data feeds set to increase visibility for users operating Microsoft Sentinel SIEM/SOAR platform.

Bratislava— December 08, 2023 — ESET, a global leader in cybersecurity, today announced that its long-standing collaboration with Microsoft now includes the integration of ESET’s six threat intelligence data feeds with Microsoft Sentinel, a scalable, cloud-native solution providing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities. ESET’s integration utilizes Microsoft Sentinel’s built-in TAXII client, helping security operations center (SOC) analysts in any organization hunt and investigate customers’ threat environments. This marks a new effort to extend the benefit of ESET’s unique data to organizations seeking to improve existing comprehensive threat intelligence solutions and rapid response capabilities.

The ESET data in question is built on the back of its renowned Malware and Threat Research pedigree, which benefits from unique telemetry fed from its substantial installed user base, among them regions underserved by most competitors. This unique value-add is best demonstrated by the many notable research pieces and exclusive detections, including GreyEnergy, BlackEnergy, Industroyer, NotPetya and many of the wiper malware discovered at the start of Russia’s invasion of Ukraine.

ESET’s data and its research cadre also regularly feature in large botnet takedowns and disruptions. These discoveries were pursued by more than 160 researchers and software engineers working in Core Research and Threat Detection at ESET.

The threat data feeds featured in this integration comprise only relevant, curated data that has already received in-house data evaluation, curation, sorting, scoring and processing. The data feeds include APT feed, malicious files feed, botnet feed, domain feed, URL feed and IP feed. The quality of the data is also reflected in the strong standing of #ESETResearch in the cybersecurity community and the contributions of its experts in partnership with MITRE ATT&CK, CISA, EUROPOL, FBI and a number of government entities.

With global concerns intensely focused on threats vectoring from Russia’s war in Ukraine and other hotspots going global, ESET prioritized rapid support for enterprises via its threat data in an agnostic approach to users’ chosen threat intelligence (TI) platforms. This acknowledges the diversity of software and technology stack choices. The integration also signals ESET’s path toward supporting seamless interaction between our data and internal tools and third-party SIEM and SOAR tools — starting with Microsoft Sentinel. This approach supports simplified workflows and reductions in manual effort and enhances efficiency. The collaboration between the two companies also demonstrates a strong market position, with two industry leaders combining their strengths.

“Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and center, the integration will allow ESET and Microsoft’s joint customers to immediately benefit from a more holistic view of their security posture by combining ESET’s real-time threat data with customers’ wider security operations,” said Trent Matchett, ESET Director of Global Strategic Accounts.

“This announcement is also a proof point for ESET’s journey towards utilization of industry standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products. With the Microsoft Sentinel integration, ESET further demonstrates the unique value-add we’ve brought to the cybersecurity community for more than 30 years. So, for SOC teams, CERTs, MSSPs or TIPs that come across this integration, they should know that ESET data is highly actionable, and with ESET’s storied low false positive rates, can have immediate impact when countering threats that ESET has unique detections for,” Matchett continued.

Microsoft Sentinel users can now benefit from unique, diverse, actionable feeds from ESET. They can enrich their TI in a very useful and valuable way, and significantly improve their security posture and prevent ransomware attacks, malware campaigns, etc. These benefits are built upon the strong foundations of ESET threat intelligence (data feed) and its endpoint protection products (ESET PROTECT), which collectively include:

  • Enhanced analysis
  • Cloud native deployment
  • Intelligence-driven data (highly curated)
  • Dedicated team of threat researchers tracking all major APT groups
  • Unique data sources
  • Deeper visibility
  • Protection from botnets, precursors to ransomware attack
  • Advanced context of IOCs
  • Early-stage detection and protection
  • Protection against threats with automated intelligence in real time

Find further information about the ESET threat data feed and integration with Microsoft Sentinel here. Additional detailed information about ESET Threat Intelligence, our API project and other related topics is available on our corporate website, or make a direct inquiry.  

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit or follow us on LinkedInFacebook, and X (Twitter).