Create indicators in Microsoft Defender for Endpoint
- Updated Jan 30, 2025
- Yokohama
- Security Incident Response integrations
Create indicators from the associated observables of a security incident using the Microsoft Defender for Endpoint integration.
Before you begin
Role required: sn_si.admin, sn_si.analyst
About this task
The Microsoft Defender for Endpoint integration allows observable enrichment for all the observable types that are mapped in the Observable-Indicator mapping module.
Creating indicators lets you set a list of indicators for detection, and for blocking, prevention, and response actions. You can create the indicators from the associated observables of the security incident.
Procedure