The ThreatQ Action for Microsoft Defender integration allows you to export indicators directly to Microsoft Defender via Microsoft’s Defender API.

The integration provides the following action:

• Microsoft Defender Export Collection - submits the indicators in a ThreatQ data collection to Microsoft Defender.

The action is compatible with the following indicator types:

• FQDN
• IP Address
• IPv6 Address
• MD5
• SHA-1
• SHA-256
• URL

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.