CommanderNorton
Copper Contributor
Mar 05, 2025
Solved

Automate bulk-import of file with IP addresses to block

We use SOAR to build a block-file containing IP addresses we want to block. 

We can place this file on a network share, sftp, or "wherever". 

Is it possible for us to instruct Defender to read this file automatically, instead of Some User (tm) having to upload it manually in the security center? 

  • luchete
    Steel Contributor

    Hi CommanderNorton,

    Yes, you can automate this by using Microsoft Defender’s API or PowerShell. You can set up a script to pull the block list from your SOAR-generated file and push it to Defender automatically. Another option is using Microsoft Sentinel playbooks to handle the import process. This way, you don’t need manual uploads in the security center.

    Let me know if you need specific guidance on this. 

    Regards!
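A sketch of the script approach mentioned in the answer above, added here as an example (it is not code from the thread or from Microsoft): it validates the SOAR block file, drops duplicates and protected internal ranges, and builds batched request bodies for an indicator import call. Assumptions: the product is Defender for Endpoint, the endpoint URL, field names and 500-per-request limit are as shown and should be checked against current documentation, and the bearer token is obtained elsewhere.

```python
import ipaddress
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Assumed endpoint (Defender for Endpoint indicator import); confirm for your tenant.
IMPORT_URL = "https://api.securitycenter.microsoft.com/api/indicators/import"
BATCH_SIZE = 500  # assumed per-request limit
# Ranges the feed must never block; adjust to your own address plan.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_blocklist(text):
    """Return (unique valid IPs in file order, rejected (line, reason) pairs)."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)  # single addresses only, so CIDR is rejected
        except ValueError:
            rejected.append((line, "not a single IP address"))
            continue
        if any(ip in net for net in PROTECTED):
            rejected.append((line, "protected range"))
        elif ip not in seen:
            seen.add(ip)
            accepted.append(str(ip))
    return accepted, rejected

def build_batches(ips, now, days_valid=30):
    """Turn IPs into request bodies of at most BATCH_SIZE indicators each."""
    expires = (now + timedelta(days=days_valid)).strftime("%Y-%m-%dT%H:%M:%SZ")
    items = [{"indicatorValue": ip, "indicatorType": "IpAddress", "action": "Block",
              "title": f"SOAR block {ip}", "description": "Imported from SOAR block file",
              "severity": "High", "expirationTime": expires} for ip in ips]
    return [{"Indicators": items[i:i + BATCH_SIZE]} for i in range(0, len(items), BATCH_SIZE)]

def push(batch, token):
    """POST one batch; token is a bearer token obtained elsewhere (not shown)."""
    req = urllib.request.Request(IMPORT_URL, data=json.dumps(batch).encode(), headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

# Constructed sample of a SOAR-generated block file (documentation-range addresses).
SAMPLE = "203.0.113.10\n198.51.100.7  # c2\n203.0.113.10\n10.0.0.5\n198.51.100.0/24\nnot-an-ip\n"
ACCEPTED, REJECTED = parse_blocklist(SAMPLE)
BATCHES = build_batches(ACCEPTED, datetime(2025, 3, 5, tzinfo=timezone.utc))
```

Run on a schedule against the share or SFTP drop, log the rejected lines rather than discarding them silently, and call `push` once per batch.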
