
Mar 15, 2024
1.0.0
ThreatQ versions >= 4.30.0
ThreatQ Operation for Microsoft 365 Defender
Overview
The ThreatQ Operation for Microsoft 365 Defender enables analysts to export IOCs to Microsoft 365 Defender and set actions and expirations.
The operation provides the following actions:
- Create Policy - Whitelist or blacklist IOCs from ThreatQ in Microsoft 365 Defender.
- Revoke Policy - Remove a policy from Microsoft 365 Defender that had previously been sent from ThreatQ.
The operation is compatible with the following indicator types:
- SHA-1
- SHA-256
- MD5
- FQDN
- IP Address
- URL