
Microsoft Defender for Endpoint - Block IOC
Description
This workflow appears in the pivot menu and allows a user to block an indicator of compromise (IOC) in Microsoft Defender for Endpoint. Supported observables include: domain, IP, MD5, SHA1, SHA256, and URL.
Target: Microsoft Defender for Endpoint
Steps:
- Check which observable type was provided:
  - If the observable type is supported, set the matching local variable
  - If not supported, return an error
- Request the IOC be blocked
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Microsoft Defender for Endpoint
About
Author
Cisco
Version
v1.0
Intent
Pivot Menu
Integration
Authorship
Cisco Managed
Related workflows
Cisco Managed
This workflow appears in the pivot menu and allows a user to block an indicator of compromise (IOC) in Microsoft Defender for Endpoint.
Cisco Managed
This workflow appears in the pivot menu and allows a user to unisolate a machine in Microsoft Defender for Endpoint.
Cisco Managed
This workflow appears in the pivot menu and allows a user to release a machine from isolation in Microsoft Defender for Endpoint.
Cisco Managed
This workflow appears in the pivot menu and allows a user to unblock an indicator of compromise (IOC) in Microsoft Defender for Endpoint.