jjsantanna
Brass Contributor
Oct 21, 2021

Can I check whether an IoC/hash is already monitored by MDE?

The list of IoCs is limited to 15k. I imagine some IoC entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a specific IoC (hash)? This would save us some thousand entries and improve our monitoring coverage.

*Better to join forces than reinvent the wheel.

3 Replies

    • Thomas_Doucette
      Former Employee

      jjsantanna you can use this API to check the determination on a file hash: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/files?view=o365-worldwide

      Hopefully this helps! 🙂 

      • Anonymous
        Problem is, how would you implement it to check "thousands" of entries?
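
One way to run the lookup from the reply above over a large custom list, as an added example that is not part of the thread and not Microsoft's code. It assumes a bearer token for the Defender for Endpoint API obtained elsewhere, treats a `Malware` determination as "already covered" (an assumption to confirm against your own policy), and uses an assumed request pace; `http_lookup` and `triage` are hypothetical names.

```python
import json
import time
import urllib.error
import urllib.request

# Files API endpoint; the id is the file's SHA1 or SHA256.
API = "https://api.securitycenter.microsoft.com/api/files/{}"
HEX = set("0123456789abcdef")

def http_lookup(token):
    """Build lookup(hash) -> dict | None using a bearer token obtained elsewhere."""
    def lookup(h):
        req = urllib.request.Request(
            API.format(h), headers={"Authorization": "Bearer " + token})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 404:  # the service has no record of this file
                return None
            raise  # auth or throttling errors must stop the run, not count as "unknown"
    return lookup

def triage(hashes, lookup, covered=("Malware",), per_minute=25, sleep=time.sleep):
    """Return (redundant, keep): hashes with a covered determination, and the rest.

    covered and per_minute are assumptions; check the API's current rate limits.
    """
    seen, redundant, keep = set(), {}, []
    for raw in hashes:
        h = raw.strip().lower()
        if not h or h in seen:  # skip blanks and duplicates
            continue
        seen.add(h)
        if len(h) not in (40, 64) or not set(h) <= HEX:
            keep.append(h)  # e.g. MD5: not queryable here, so it stays on the list
            continue
        info = lookup(h)
        if info and info.get("determinationType") in covered:
            redundant[h] = info.get("determinationValue")
        else:
            keep.append(h)
        sleep(60.0 / per_minute)  # pace requests to stay under API throttling
    return redundant, keep

if __name__ == "__main__":
    # Constructed sample response; the demo needs no network access.
    fake = {"a" * 40: {"determinationType": "Malware",
                       "determinationValue": "Constructed:Sample"}}
    print(triage(["A" * 40, "b" * 64, "c" * 32], fake.get, sleep=lambda s: None))
```

Against the live API, pass `http_lookup(token)` as `lookup`; review the `redundant` mapping before removing anything from the custom indicator list.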