
MS-ISAC advisories as a threat feed?


This is regarding the MS-ISAC advisories that are pushed out by the Center for Internet Security (CIS) Cyber Threat Intelligence (CTI) team. Basically a listing of IPs and domains that have observed maliciousness or attributes thereof.
Are these lists automatically included as a threat feed into Defender proper via Microsoft ingesting it and adding to its databases? Or are these to be manually put in the Defender Endpoint IoC lists on the organization's Defender portal? I ask as I seem to have a limit of 15k for IoCs across file hash, IP, URL/Domain, and certificates combined, which would go quickly considering MS-ISAC advisories are usually a couple hundred at a time.

0 Replies