Forum Discussion
Adding custom Threat Intelligence feeds to M365 Defender
Are there any methods for adding TI feeds to M365 like we can do for Azure Sentinel?
1 Reply
- Hi Dean,
Yes it is also possible for MDE (Microsoft Defender for Endpoint) within the M365 portal.
https://security.microsoft.com > settings > endpoints > indicators
You can submit file hashes, IP adresses , Urls/domains & Certificates.
You can upload a csv file or (what I prefer) post them via the graph api.
This documentation should get you going using the graph api to upload indicators.
https://docs.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http
