Defender Custom IOC Pre-Check

Hi guys,

So what would you suggest is the best way to check if Defender has coverage for certain identified IOCs (IP/Domain/URLs) before ingesting them into the custom indicator list? The goal is to not duplicate indicators that are already being detected by Defender.

1 Reply
I was looking into it myself and couldn't find anything. I suspect it's most likely built into Microsoft's threat intelligence.