Microsoft Defender for Endpoint - Unblock IOC
Details
This atomic belongs to the Microsoft Defender for Endpoint atomic group.
Unblocks an IOC in Microsoft Defender for Endpoint. This atomic requires the following API permission: Ti.ReadWrite.All.
Target: Microsoft Defender for Endpoint (Commercial or GCC) integration target or HTTP Endpoint for "api.securitycenter.microsoft.com" with no path
Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target
Steps:
[] Build the authorization header
[] Request to unblock the IOC
[] Check if the request was successful:
[]> If it wasn't, output an error
More information about this API: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/delete-ti-indicator-by-id
About
Authorship
Cisco Managed