it is very nice feature but i tried 1-i created device group 2-linked device group to file hash & url indicator unfortunately no response questions : 1-how can i enforce indicator to apply on a machine 2-from the machine how can i know the indicator is applied please advice or share MS docs link
The same problem here. I created indicator for a new malware. Then updated the defender but it say it's clean! I'm not surprise it was our fault from the beginning we moved to MS!
I created indicator for a new malware. Then updated the defender and scanned the file but it say it's clean! My question is. is it not working because it's simply MS product and many of them are not working? or There is extra step not shown in the video that need to be done?
it is very nice feature but i tried
1-i created device group
2-linked device group to file hash & url indicator
unfortunately no response
questions :
1-how can i enforce indicator to apply on a machine
2-from the machine how can i know the indicator is applied
please advice or share MS docs link
The same problem here. I created indicator for a new malware. Then updated the defender but it say it's clean! I'm not surprise it was our fault from the beginning we moved to MS!
I created indicator for a new malware. Then updated the defender and scanned the file but it say it's clean! My question is. is it not working because it's simply MS product and many of them are not working? or There is extra step not shown in the video that need to be done?
Any ideas on how to assign ioc on a spesific device ?? on the scope tab im having only 'all devices'
Very usefull information Thank you for sharing