SOLVED

KQL Queries with RemoteIP, whitelist Agency Public IP Addresses

Is it possible to add a list somewhere to Defender EndPoint to 'whitelist' the Agency public IP addresses? Or say you're searching for LOLBINS reaching out to public IP addresses and you want to ignore the Agency IP addresses? Is there a way to do that? Thank you!
best response confirmed by mathurin68 (Brass Contributor)
Solution

Hi @mathurin68,

 

Here is documentation that could help you: Create indicators for IPs and URLs/domains | Microsoft Docs, and Create indicators | Microsoft Docs. From there you can set the necessary action for the IP of interest, such as shown below:
[Image: Jayronn_0-1630603028202.jpeg]
Please let me know if this helps answer your question.