Defender Custom IOC Pre-Check

Copper Contributor

Hi guys,


So what would you suggest is the best way to check if Defender have coverage for certain identified IOCs(IP/Domain/URLs) before ingesting it into the custom indicator list? The goal is to not duplicate indicators that is already being detected by Defender.

1 Reply
I was looking into myself and couldn't find anything. I suspect it's most likely built-in to Microsoft's threat intelligence