Microsoft Defender for Endpoint / ATP - external import connector request #3571
Comments
adriaanvermaak
added
feature
|
Thanks @adriaanvermaak for your suggestion. Are you able to point me on a documentation API that will permit to implement such use case ? |
|
Hi @romain-filigran , Hope you are well. yes definitely, below is the main documenatation. https://learn.microsoft.com/en-us/defender-endpoint/api/ti-indicator here is the link to the List or retrieval for the indicators. https://learn.microsoft.com/en-us/defender-endpoint/api/get-ti-indicators-collection here is the endpoint for collection : TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/token" below are the indicator types : Url Here is what an indicator response fields would look like. { there is pagination as well |
Use case
Hi Team,
We currently utilize Microsoft Defender for Endpoint / ATP, and looking for a specific external import connector to import the Indicators from MDE.
The current Microsoft Defender Incidents could be replicated easily to accommodate for the retrieval of the Indicators from MDE.
I am happy to assist with anything that is required for you to get this to work.
Please let me know if you need anything as this will greatly assist us, and all other Microsoft 365 users.
thank you in advance
Current Workaround
Proposed Solution
Additional Information
Would you be willing to submit a PR?
We strongly encourage you to submit a PR if you want and whenever you want. If your issue concern a "Community-support" connector, your PR will probably be accepted after some review. If the connector is "Partner-support" or "Filigran-support", a dev team make take over but will base its work on your PR, speeding the process. It will be much appreciated.
The text was updated successfully, but these errors were encountered: