Forum Discussion

jjsantanna's avatar
jjsantanna
Brass Contributor
Oct 21, 2021

Can I check whether an IoC/hash is already monitored by MDE?

The list of IoC is limited to 15k. I imagine some IoCs entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a speci...
check
IoC
MDE
Daniel Simpson's avatar
Daniel Simpson
Icon for Microsoft rankMicrosoft
Oct 21, 2021
Good question. Let me follow up on this for you. Will reply soon.
Thomas_Doucette's avatar
Thomas_Doucette
Former Employee
Oct 28, 2021

jjsantanna you can use this API to check the determination on a file hash: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/files?view=o365-worldwide

 

Hopefully this helps! 🙂 

  • Anonymous's avatar
    Anonymous
    Sep 28, 2022
    Problem is, how would you implement it to check "thousands" of entries?

Resources