cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding custom Threat Intelligence feeds to M365 Defender

Dean Gross
Silver Contributor

‎Jun 10 2021 08:48 AM

‎Jun 10 2021 08:48 AM

Adding custom Threat Intelligence feeds to M365 Defender

Are there any methods for adding TI feeds to M365 like we can do for Azure Sentinel?

Labels:
3,674 Views
2 Likes
1 Reply
Reply
1 Reply
LouisMastelinck

‎Jun 14 2021 06:56 AM

‎Jun 14 2021 06:56 AM

Re: Adding custom Threat Intelligence feeds to M365 Defender

Hi Dean,

Yes it is also possible for MDE (Microsoft Defender for Endpoint) within the M365 portal.
https://security.microsoft.com > settings > endpoints > indicators

You can submit file hashes, IP adresses , Urls/domains & Certificates.
You can upload a csv file or (what I prefer) post them via the graph api.

This documentation should get you going using the graph api to upload indicators.
https://docs.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=...

0 Likes
Reply