Forum Discussion
Dean_Gross
Jun 10, 2021 · Silver Contributor
Adding custom Threat Intelligence feeds to M365 Defender
Are there any methods for adding TI feeds to M365 like we can do for Azure Sentinel?
LouisMastelinck
Jun 14, 2021 · Brass Contributor
Hi Dean,
Yes, it is also possible for MDE (Microsoft Defender for Endpoint) within the M365 portal.
https://security.microsoft.com > settings > endpoints > indicators
You can submit file hashes, IP addresses, URLs/domains & certificates.
You can upload a CSV file or (what I prefer) post them via the Graph API.
This documentation should get you going using the Graph API to upload indicators.
https://docs.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http
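As an added example (not part of the original reply, and not Microsoft's code), this sketch turns a small CSV feed into request bodies for the `submitTiIndicators` call in the linked documentation, rejecting rows it cannot classify. The feed columns, the `action`/`threatType`/`tlpLevel` defaults and the batch size are assumptions, and the tiIndicator field names should be checked against that documentation before use; token acquisition and the HTTP POST itself are left out.

```python
import csv, io, ipaddress, json, re
from datetime import datetime, timedelta, timezone

# Endpoint named in the documentation linked above (Graph beta).
SUBMIT_URL = "https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators"

# Constructed sample feed (hypothetical columns); values are placeholders, not real indicators.
SAMPLE_FEED = """indicator,description
198.51.100.23,constructed sample IP
malicious.example,constructed sample domain
https://malicious.example/login,constructed sample URL
""" + "a" * 64 + ",constructed sample SHA-256\nnot an indicator,bad row\n"

def observable(value):
    """Map one feed value to tiIndicator observable fields, or None if unrecognised."""
    v = value.strip()
    if re.fullmatch(r"[0-9a-fA-F]{64}", v):
        return {"fileHashType": "sha256", "fileHashValue": v.lower()}
    if re.match(r"https?://", v, re.I):
        return {"url": v}
    try:
        if ipaddress.ip_address(v).version == 4:
            return {"networkIPv4": v}
    except ValueError:
        pass
    if re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", v, re.I):
        return {"domainName": v.lower()}
    return None

def build_batches(feed_text, now, days_valid=30, batch_size=100):
    """Return (list of request bodies, list of rejected feed values)."""
    expires = (now + timedelta(days=days_valid)).strftime("%Y-%m-%dT%H:%M:%SZ")
    indicators, rejected = [], []
    for row in csv.DictReader(io.StringIO(feed_text)):
        obs = observable(row["indicator"])
        if obs is None:
            rejected.append(row["indicator"])
            continue
        # action, threatType and tlpLevel are assumed defaults; set them per feed.
        indicators.append({"action": "alert", "description": row["description"],
                           "expirationDateTime": expires, "threatType": "WatchList",
                           "tlpLevel": "amber", "targetProduct": "Microsoft Defender ATP",
                           **obs})
    return [{"value": indicators[i:i + batch_size]}
            for i in range(0, len(indicators), batch_size)], rejected

if __name__ == "__main__":
    bodies, bad = build_batches(SAMPLE_FEED, datetime.now(timezone.utc))
    print("POST", SUBMIT_URL, json.dumps(bodies, indent=2), "rejected:", bad)
```

Reviewing the rejected list before each upload catches feed rows that would otherwise be silently dropped or submitted under the wrong observable type.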