The ThreatQ Action for Microsoft 365 Defender integration allows you to export indicators directly to Microsoft Defender via Microsoft’s 365 Defender API.

The integration provides the following action:

• Microsoft 365 Defender Export Collection - submits the indicators in a ThreatQ data collection to Microsoft 365 Defender.

The action is compatible with the following indicator types:

• FQDN
• IP Address
• IPv6 Address
• MD5
• SHA-1
• SHA-256
• URL

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.