Forum Discussion
Dynamic Blocklist in Microsoft Defender XDR
Hello Community,
I have one question, and i think that is a request that could be useful to everyone.
We have a Dynamic list that are published over internet in read-only (into this list we put ioc like malicious domain or bad ip reputation) is a txt file.
There are a possibility from MDE o MDC to block all connection to this ioc ?
or MDE and MDC not support Dynamic BLocklist ?
Regards,
Guido
- Hi GuidoImpe, - Currently, as far as i know, MDE and MDC don’t directly support blocking based on a dynamic blocklist (like a txt file with IOCs). You can integrate threat intelligence, but automatic blocking of dynamic IOCs in real-time would require a more manual or custom setup, such as using custom indicators in Defender or leveraging third-party solutions. - Hope that helps! - Regards, 
2 Replies
- lucheteIron ContributorHi GuidoImpe, Currently, as far as i know, MDE and MDC don’t directly support blocking based on a dynamic blocklist (like a txt file with IOCs). You can integrate threat intelligence, but automatic blocking of dynamic IOCs in real-time would require a more manual or custom setup, such as using custom indicators in Defender or leveraging third-party solutions. Hope that helps! Regards,