Add malicious file indicator Identified by Microsoft Defender to IOC feed

This automation adds the SHA1 hash of each file that Microsoft Defender flags as malicious, together with the file's source URL, as indicators to an IOC feed, updating threat intelligence and enhancing security response. With IOC Enforcement enabled, other products can then use these indicators to block the file from being downloaded or executed on all your machines.
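The following is an added illustration, not the playbook's own code: it shows the transformation step of this automation, turning a Microsoft Defender alert into IOC feed entries (SHA1 plus source URL) with the expiration rule described under Parameters. The alert field names (`evidence`, `sha1`, `fileOriginUrl`) and the output record layout are assumptions, and the sample alert, hash and URL are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample in the shape of a Defender alert with file evidence.
# Field names are hypothetical; the hash and URL are made up, not real indicators.
SAMPLE_ALERT = {
    "alertId": "da-example-0001",
    "deviceName": "ws-finance-07",
    "evidence": [
        {"entityType": "File", "fileName": "invoice.exe",
         "sha1": "3B8F0C1E9A2D4F5B6C7D8E9F0A1B2C3D4E5F6A7B",
         "fileOriginUrl": "http://example.invalid/dl/invoice.exe"},
        {"entityType": "File", "fileName": "invoice.exe",        # same file, lower-case hash
         "sha1": "3b8f0c1e9a2d4f5b6c7d8e9f0a1b2c3d4e5f6a7b",
         "fileOriginUrl": "http://example.invalid/dl/invoice.exe"},
        {"entityType": "File", "fileName": "notes.txt", "sha1": "not-a-hash"},
        {"entityType": "Process", "processName": "cmd.exe"},
    ],
}


def build_ioc_entries(alert, expiration_days, now=None):
    """Return deduplicated IOC feed entries for the file evidence in an alert.

    expiration_days == 0 means the indicators never expire (expires_at is None).
    """
    if expiration_days < 0:
        raise ValueError("expiration_days must be >= 0")
    now = now or datetime.now(timezone.utc)
    expires_at = None if expiration_days == 0 else (now + timedelta(days=expiration_days)).isoformat()
    seen, entries = set(), []
    for ev in alert.get("evidence", []):
        if ev.get("entityType") != "File":
            continue
        sha1 = str(ev.get("sha1", "")).lower()
        if not SHA1_RE.match(sha1):
            continue  # drop malformed hashes instead of polluting the feed
        url = ev.get("fileOriginUrl")
        for ioc_type, value in (("sha1", sha1), ("url", url)):
            if not value or (ioc_type, value) in seen:
                continue  # skip empty values and duplicates across evidence items
            seen.add((ioc_type, value))
            entries.append({"type": ioc_type, "value": value, "expires_at": expires_at,
                            "source_alert": alert["alertId"],
                            "comment": f"Microsoft Defender alert on {alert.get('deviceName')}"})
    return entries
```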

Supported Products

  • Microsoft Defender

  • Infinity IoC Management

Parameters

Expiration in days (0 means no expiration)

Sets the expiration period, in days, for the indicators this automation adds to the IOC feed; 0 means they never expire.

Trigger

A device that Microsoft Defender reports as infected.

To view the example of this log, click Run.

Flow