Forum Discussion

Haim Goldshtein's avatar
Haim Goldshtein
Icon for Microsoft rankMicrosoft
May 05, 2019

Pushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP

Submit your own IOCs to Microsoft Defender ATP to create alerts and perform remediation actions. 5 Minutes  Low complexity      Many organizations maintain internal lists of ...
Dan Michelson's avatar
Dan Michelson
Icon for Microsoft rankMicrosoft
Jun 03, 2019

DannyC_Gamma 

 

Please check first how many items you are pushing.

 

Currently, there is a limit of 5K items in the list. If the batch you are trying to push is larger than the remaining room in the list, it may fail.

 

 

DannyC_Gamma's avatar
DannyC_Gamma
Brass Contributor
Jun 03, 2019

Dan Michelson 

 

I was more referring to the message that I'd crudely highlighted in the screen grab

 

Blocking IP addresses, domains, or URLs is not yet available for this tenant.

 

I'm sure I've had the ability to do these previously - at present, I can only block hashes. Is the URL/Domain blocking functionality going to be (re)made available soon?

 

Thanks

Danny

 

 

Resources