Microsoft Defender API

Hello community, I have one question. We are using AlienVault OTX to get IOCs of domains/IPs. It's huge data, and every platform will have some limitations on blocking these IOCs. For example, in Microsoft Defender, we can only block 15k per tenant. We are usually taking these IOCs and checking them in VirusTotal to see if they are already detected by a firewall or Microsoft Defender, to avoid adding duplicates. How are you guys handling this situation? Is there any way to do automation using the Graph API to check if it is already detected by Defender?

0 Replies