Forum Discussion
mathurin68
Aug 26, 2021, Brass Contributor
Add Custom Detections via api?
Is it possible to add our own Custom Detections, either Sigma Rules or indicators from MISP via the api? Thank you! Also, is this the best place to ask questions and learn? Is there a sla...
Jonathan Green
Aug 31, 2021, Brass Contributor
Yes - https://github.com/microsoftgraph/security-api-solutions/blob/master/Samples/MISP/README.md
Some warnings:
It probably won't work out of the box.
You'll need to take from what you see here and modify/make your own.
Sigma used to have a converter function for Endpoint, but like the script above, has fallen out of date. You could write your own converter though.
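To make the "modify/make your own" advice concrete, here is an added example (not the code from the linked README, and not Microsoft's or MISP's own code) of the core step that sample performs: turning MISP attributes into threat-intelligence indicator bodies for the Microsoft Graph Security `tiIndicators` endpoint. It assumes the tiIndicator field names (`action`, `targetProduct`, `threatType`, `tlpLevel`, `fileHashType`, `fileHashValue`, `networkDestinationIPv4`, `domainName`, `url`, `expirationDateTime`, `externalId`, `tags`) and the `/beta/security/tiIndicators` URL; the MISP event is a constructed sample shaped like PyMISP output, and only attributes flagged `to_ids` with a known observable type are mapped. The HTTP submission is left to the caller so the mapping can be exercised offline.

```python
"""Map MISP attributes to Microsoft Graph Security tiIndicator request bodies.

Added illustration; it assumes the tiIndicator schema and endpoint named in
the lead-in, and a small set of MISP attribute types. Everything else here
is a labelled assumption or constructed sample data.
"""
from datetime import datetime, timedelta, timezone
import json

# Constructed sample MISP event (subset of the fields PyMISP returns).
SAMPLE_EVENT = {
    "Event": {
        "id": "42",
        "info": "Constructed example event, not a real campaign",
        "Attribute": [
            {"id": "1001", "type": "sha256", "value": "a" * 64, "to_ids": True, "comment": "sample hash"},
            {"id": "1002", "type": "ip-dst", "value": "203.0.113.10", "to_ids": True, "comment": ""},
            {"id": "1003", "type": "domain", "value": "example.invalid", "to_ids": True, "comment": ""},
            {"id": "1004", "type": "url", "value": "http://example.invalid/p", "to_ids": False, "comment": ""},
            {"id": "1005", "type": "text", "value": "free text", "to_ids": True, "comment": ""},
        ],
    }
}

# MISP attribute type -> tiIndicator observable field(s).
# Types with no observable mapping (e.g. 'text') are skipped on purpose.
TYPE_MAP = {
    "sha256": lambda v: {"fileHashType": "sha256", "fileHashValue": v},
    "sha1": lambda v: {"fileHashType": "sha1", "fileHashValue": v},
    "md5": lambda v: {"fileHashType": "md5", "fileHashValue": v},
    "ip-dst": lambda v: {"networkDestinationIPv4": v},
    "domain": lambda v: {"domainName": v},
    "url": lambda v: {"url": v},
}


def misp_attribute_to_indicator(attr, event_info, target_product="Microsoft Defender ATP",
                                ttl_days=30, now=None):
    """Return a tiIndicator body for one MISP attribute, or None when the
    attribute is not an IDS-flagged observable we know how to map.
    target_product is an assumed value; check it against your tenant's docs."""
    if not attr.get("to_ids"):
        return None
    mapper = TYPE_MAP.get(attr["type"])
    if mapper is None:
        return None
    now = now or datetime.now(timezone.utc)
    body = {
        "action": "alert",  # alert only; blocking is a separate policy decision
        "targetProduct": target_product,
        "threatType": "WatchList",
        "tlpLevel": "amber",
        # keep the description short; fall back to the event title
        "description": (attr.get("comment") or event_info)[:100],
        "externalId": f"misp-attr-{attr['id']}",  # lets you update/delete later
        "expirationDateTime": (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "tags": ["misp"],
    }
    body.update(mapper(attr["value"]))
    return body


def event_to_indicators(event_json, **kwargs):
    """Map every mappable attribute of a MISP event; returns a list of bodies."""
    ev = event_json["Event"]
    out = []
    for attr in ev.get("Attribute", []):
        body = misp_attribute_to_indicator(attr, ev.get("info", ""), **kwargs)
        if body:
            out.append(body)
    return out


def build_post_request(body, token):
    """Return (url, headers, json_text) for submitting one indicator.
    The caller performs the POST (e.g. with requests), so this stays offline."""
    url = "https://graph.microsoft.com/beta/security/tiIndicators"  # assumed endpoint
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(body)


if __name__ == "__main__":
    for indicator in event_to_indicators(SAMPLE_EVENT):
        print(build_post_request(indicator, "<placeholder-token>")[2])
```

The `externalId` is the piece most worth keeping when you adapt this: it ties each indicator back to the MISP attribute so later runs can update or expire it instead of creating duplicates, which is exactly the kind of drift that makes an out-of-date sync script stop being useful.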
mathurin68
May 14, 2022, Brass Contributor
Thank you for this! FINALLY getting back to this! Will this do Custom Detections? I don't mean the indicators like a file hash, I mean full-blown KQL detections with priorities, MITRE information, all that, for Defender for Endpoint.