Oct 21 2021 07:04 AM
The list of IoCs is limited to 15k. I imagine some IoC entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a specific IoC (hash)? This would save us some thousand entries and improve our monitoring coverage.
*Better to join forces than reinvent the wheel.
Oct 21 2021 11:18 AM
Oct 27 2021 06:41 PM
@jjsantanna you can use this API to check the determination on a file hash: File resource type | Microsoft Docs.
Hopefully this helps! 🙂
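One way to use the File resource for the pruning described in the question, as an added example that is not part of the thread and not Microsoft's code: it builds the `GET /api/files/{id}` URL for each hash and splits a custom list by the `determinationType` field of the responses. Authentication and the HTTP call are left out, the hashes and response bodies are constructed placeholders, and treating a `Malware` or `Pua` determination as "already covered" is an assumption to validate in your own tenant.

```python
API_BASE = "https://api.securitycenter.microsoft.com/api/files/"  # MDE File resource

# Assumption: determination types taken to mean Microsoft already flags the file.
COVERED_TYPES = {"malware", "pua"}


def file_url(file_hash: str) -> str:
    """Return the File resource URL for a SHA-1 or SHA-256 hash."""
    h = file_hash.strip().lower()
    if len(h) not in (40, 64) or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a SHA-1/SHA-256 hash: {file_hash!r}")
    return API_BASE + h


def triage(custom_hashes, responses):
    """Split custom hash IoCs by the determination in each File response.

    responses maps a lowercase hash to the parsed JSON body returned for it,
    or has no entry when the service did not know the file (HTTP 404).
    Returns (covered, keep): covered maps hash -> determination value,
    keep lists the hashes that should stay in the custom indicator list.
    """
    covered, keep = {}, []
    for raw in custom_hashes:
        key = raw.strip().lower()
        body = responses.get(key) or {}
        dtype = body.get("determinationType") or "Unknown"
        if dtype.lower() in COVERED_TYPES:
            covered[key] = body.get("determinationValue") or dtype
        else:
            keep.append(key)  # unknown, clean or missing: keep our own indicator
    return covered, keep


# Constructed sample data: placeholder hashes and response bodies, not real IoCs.
SAMPLE_HASHES = ["A" * 40, "b" * 64, "c" * 40]
SAMPLE_RESPONSES = {
    "a" * 40: {"sha1": "a" * 40, "determinationType": "Malware",
               "determinationValue": "Trojan:Win32/Placeholder"},
    "b" * 64: {"sha256": "b" * 64, "determinationType": "Unknown",
               "determinationValue": None},
    # "c" * 40 has no entry: the lookup returned 404
}

if __name__ == "__main__":
    covered, keep = triage(SAMPLE_HASHES, SAMPLE_RESPONSES)
    print("already determined by Microsoft:", covered)
    print("keep in custom list:", keep)
```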
Sep 27 2022 10:11 PM