Custom Indicators in Defender ATP

Mallika 21 Reputation points
2021-01-27T23:37:46.567+00:00

As we have an expiration date for Custom Indicators in ATP, do we have a way to extend that date without creating those indicators (manually or via CSV) in ATP again?

Also, what's the best way to check if Microsoft detects an indicator? I have been checking, for instance, a file hash in ATP to see if Microsoft has additional information about the threat. If it does, does that mean ATP has an automatic detection for it (not through our custom indicator) and perhaps we don't need to have that as an indicator anymore?

Thanks!

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,840 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jenny Feng 14,101 Reputation points
    2021-01-28T02:54:22.467+00:00

    @Mallika
    Hi,
    Based on my research, there is no such way to extend the date.
    About the indicator, you could refer to the following article:
    https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-unified-indicators-of-compromise-iocs/ba-p/656415
    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful