Forum Discussion
MicrosoftPushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP
Microsoft
Please check first how many items you are pushing.
Currently, there is a limit of 5K items in the list. If the batch you are trying to push is larger than the remaining room in the list, it may fail.
I was more referring to the message that I'd crudely highlighted in the screen grab
Blocking IP addresses, domains, or URLs is not yet available for this tenant.
I'm sure I've had the ability to do these previously - at present, I can only block hashes. Is the URL/Domain blocking functionality going to be (re)made available soon?
Thanks
Danny
- Haim Goldshtein
Hi Danny,
Blocking IPs, URL & Domains are features you need to turn on for you tenant.
if the feature is turned off, when going to Indicators page-> IP TAB you will see the following warning message:
to turn on the feature, you should go to Advance Feature tab, and turn Network Protection on:
Thank you for bring that up, I'll add that procedure to the blog.
Please check it and let me know if it works for you.
Thanks,
Haim
Haim Goldshtein Hi - the option is still not available - and I do not have the possibility to block custom URL or IP addresses. Any status on this issue ???
- Andre Fabbri
Hi Ronnie Lykke Madsen. Blocking IPs, domains, or URLs is currently available on limited preview only. This requires sending your custom list to network protection to be enforced which is an option that will be generally available soon. As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will.
Hi Haim,
My message is sightly different would you be able to provide some context. We dont have Azure ATP enabled (yet), everything else is working as expected.
Is this function dependent on Azure ATP by any chance
?
Many Thanks
Mornay
Hey Haim
I don't see that option in Advanced features - is that a preview feature (I do have those enabled)
Thanks
Danny
- Dan Michelson
DannyC_Gamma This is something in preview right now. Stay tuned as it is coming.
