ioc
3 Topics

Indicators enhancements: Allow/Block by certificates & more
We’re excited to share that you can now set an indicator to prevent and exclude entities based on certificate information. In addition, the alert and block action on files can now be applied on files signed by trusted publishers. We have also increased the number of custom indicators you can create from 5,000 to 15,000.

Can I check whether an IoC/hash is already monitored by MDE?
The list of IoCs is limited to 15k. I imagine some IoC entries from our "custom list" are already monitored by Microsoft/MDE. So, is there a way to check whether there is a detection rule for a specific IoC (hash)? This would save us some thousand entries and improve our monitoring coverage. *Better to join forces than reinvent the wheel.
3.3K Views, 1 like, 3 Comments