07-27-2023 05:45 AM
I want to achieve the steps below. Is there an existing playbook, or do I have to customize a playbook?
In this first step, we will fetch the list of existing IOCs from Microsoft APT and compare them with the IOCs you wish to add.
Upon comparing the fetched list with your desired IOCs, we will identify the existing items. Those already present in Microsoft APT will be ignored, and a notification email will be sent to your team, providing details about these items.
For the IOCs that are not already in Microsoft APT, we will proceed to add them using the XSOAR integration with Microsoft APT.
After successfully adding the new IOCs, we will perform a cross-check by fetching the IOCs from Microsoft APT again. This verification step ensures the accuracy of the additions.
Once the cross-check confirms that the new IOCs are added to Microsoft APT, we will use the "Send Email" integration in XSOAR to notify your team about the successful addition.
If a custom playbook is required, kindly help me with which automation I should use.
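The five steps above, as an added worked example of the playbook logic, not code from the marketplace pack or from either poster. It models Microsoft Defender for Endpoint indicator records with the assumed fields `indicatorType` and `indicatorValue`, and takes the three side-effecting operations (list indicators, create indicator, send email) as callables so it runs offline; inside XSOAR those callables would wrap `demisto.executeCommand(...)` calls to the installed MDE and mail integrations, whose exact command names and arguments are an assumption to be checked against the pack's documentation. The in-memory stand-in for "create indicator" deliberately drops a malformed hash so the re-fetch verification step has something to catch.

```python
"""Plan, apply and verify IOC additions to Microsoft Defender for Endpoint.

Added example illustrating the playbook logic in the question above; not
code from the XSOAR marketplace pack.  Assumptions: indicator records are
dicts with "indicatorType" and "indicatorValue"; fetch_existing(),
add_indicator() and send_email() stand in for XSOAR commands such as
demisto.executeCommand("microsoft-atp-indicator-list", {}) and a mail
command (names/arguments to be confirmed against the installed pack).
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Ioc:
    kind: str    # e.g. "FileSha256", "DomainName", "IpAddress", "Url"
    value: str

    @staticmethod
    def normalise(kind: str, value: str) -> "Ioc":
        v = value.strip()
        # Hashes, domains and IPs compare case-insensitively; URLs keep case.
        if kind.strip().lower() != "url":
            v = v.lower()
        return Ioc(kind.strip(), v)


def from_mde(records: Iterable[dict]) -> set[Ioc]:
    """Turn indicator records (field names assumed) into normalised keys."""
    return {Ioc.normalise(r["indicatorType"], r["indicatorValue"]) for r in records}


def plan(existing: set[Ioc], desired: Iterable[Ioc]) -> tuple[list[Ioc], list[Ioc]]:
    """Step 1-2: split desired IOCs into already-present and to-add."""
    present, to_add = [], []
    for ioc in desired:
        (present if ioc in existing else to_add).append(ioc)
    return present, to_add


def verify(refetched: set[Ioc], to_add: list[Ioc]) -> tuple[list[Ioc], list[Ioc]]:
    """Step 4: after adding, re-fetch and confirm each intended IOC landed."""
    confirmed = [i for i in to_add if i in refetched]
    missing = [i for i in to_add if i not in refetched]
    return confirmed, missing


def fmt(iocs: list[Ioc]) -> str:
    return "\n".join(f"{i.kind} {i.value}" for i in iocs)


def run(desired: Iterable[Ioc],
        fetch_existing: Callable[[], list[dict]],
        add_indicator: Callable[[Ioc], None],
        send_email: Callable[[str, str], None]) -> dict:
    """Whole procedure: compare, notify, add, re-fetch, verify, notify."""
    present, to_add = plan(from_mde(fetch_existing()), list(desired))
    if present:                                   # step 2: already there
        send_email("IOCs already present in MDE", fmt(present))
    for ioc in to_add:                            # step 3: add the rest
        add_indicator(ioc)
    confirmed, missing = verify(from_mde(fetch_existing()), to_add)
    if confirmed:                                 # step 5: success mail
        send_email("IOCs added to MDE", fmt(confirmed))
    if missing:                                   # failure mode surfaced
        send_email("IOCs failed verification", fmt(missing))
    return {"present": present, "added": confirmed, "missing": missing}


def demo() -> dict:
    """Offline run over constructed sample data with in-memory stand-ins."""
    store = [  # constructed: what MDE already holds
        {"indicatorType": "DomainName", "indicatorValue": "Bad.Example.COM"},
        {"indicatorType": "FileSha256", "indicatorValue": "a" * 64},
    ]
    mail: list[str] = []

    def fake_add(ioc: Ioc) -> None:
        # Stand-in for the create command that silently drops malformed
        # SHA-256 values, so the verification step has something to catch.
        if ioc.kind == "FileSha256" and len(ioc.value) != 64:
            return
        store.append({"indicatorType": ioc.kind, "indicatorValue": ioc.value})

    desired = [  # constructed: what the analyst wants to add
        Ioc.normalise("DomainName", "bad.example.com"),   # already present
        Ioc.normalise("IpAddress", "203.0.113.7"),        # genuinely new
        Ioc.normalise("FileSha256", "DEADBEEF"),          # malformed, will not land
    ]
    result = run(desired, lambda: list(store), fake_add,
                 lambda subject, body: mail.append(subject))
    result["mail"] = mail
    return result


if __name__ == "__main__":
    print(demo())
```

The comparison is done on normalised (type, value) pairs rather than raw strings so that case differences in hashes and domains do not cause a duplicate to be re-submitted, and the second fetch is compared against the intended additions rather than trusting the create command's return value.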
08-01-2023 10:54 AM
Hello Vhebri,
I found this content pack called 'Microsoft Defender for Endpoint' that includes this in the description:
and it allows the Microsoft Defender for Endpoint integration to import events as XSOAR incidents.
This should accomplish the items you are looking for. Hope this helps!
Link here: https://cortex.marketplace.pan.dev/marketplace/details/MicrosoftDefenderAdvancedThreatProtection/