Forum Discussion

HathMH's avatar
HathMH
Copper Contributor
Jun 10, 2024

MS-ISAC advisories as a threat feed?

This is regarding the MS-ISAC advisories that are pushed out by the Center for Internet Security (CIS) Cyber Threat Intelligence (CTI) team. Basically a listing of IP's and Domains that have observed maliciousness or attributes thereof.
Are these lists automatically included as a threat feed into Defender proper via Microsoft ingesting it and adding to its databases? Or are these to be manually put in the Defender Endpoint IoC lists on the organizations Defender portal? I ask as I seem to have a limit of 15k for IoC across file hash, IP, URL/Domain, and certificates combined which would go quick considering MS-ISAC Advisories are usually a couple hundred at a time.

No RepliesBe the first to reply

Resources