This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 45%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
As we have an expiration date for Custom Indicators in ATP, do we have a way to extend that date without creating those indicators (manually or via CSV) in ATP again?
Also, what's the best way to check if Microsoft detects an indicator? I have been checking, for instance, a file hash in ATP to see if Microsoft has additional information about the threat. If it does, does that mean ATP has an automatic detection for it (not through our custom indicator) and perhaps we don't need to have that as an indicator anymore?
Thanks!
@Mallika
Hi,
Based on my research, there is no such way to extend the date.
About the indicator, you could refer to the following article:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-unified-indicators-of-compromise-iocs/ba-p/656415
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.