MDE
5 Topics

Can I check whether an IoC/hash is already monitored by MDE?
The list of IoCs is limited to 15k. I imagine some IoC entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a specific IoC (hash)? This would save us some thousand entries and improve our monitoring coverage. *Better to join forces than reinvent the wheel.
3.3K Views, 1 like, 3 Comments

Defender for Endpoint - EDR Block Mode
Hi All, Is there any way to verify that MDE is in block mode on any given endpoint? Is there a PowerShell command or similar we can use to verify that EDR Block Mode is actually enabled? Other than having it turned on in the Security Center's Advanced Features section? I have it turned on yet I see some endpoints still showing security recommendations to turn it on. Freshly onboarded and latest version of Windows 10. Defender is in active mode. Any ideas? Thanks in advance.
1.2K Views, 1 like, 0 Comments