Forum Discussion

Hindy-UK's avatar
Hindy-UK
Copper Contributor
May 09, 2024

Custom network indicators setting

Hi,

 

Does anyone have any detail on what the custom network indicators setting in Advanced features actually does please? The description in the Defender portal indicates it’s needed to allow or block connections to items in custom indicator list. However, the description on Microsoft (here ) says it controls ability to create these indicators. That does not appear to be the case as custom indicators are being added with this off.

 

Situation I have is that this setting is off but the MSSP has been adding custom indicators associated with threat actor. There are also custom indicators being created from Defender for Cloud Apps unsanctioned apps. 

There are incidents being created for blocks to unsanctioned apps, which indicates that this appears to work even with custom network indicators setting turned off. I need to be sure that the threat actor IP addresses will be blocked, so will recommend that the setting is turned on. But it would be good to have the detail of exactly what this does.

No RepliesBe the first to reply

Resources