Skip to content

Commit

Permalink
Update indicator-manage.md
Browse files Browse the repository at this point in the history 
Added note under parameter table to detail that network indicators cannot have the action parameter set to BlockAndRemediate.
  • Loading branch information
@vboyev-MSFT
vboyev-MSFT authored Oct 25, 2024
1 parent f4e7e5b commit fc74cd5
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions defender-endpoint/indicator-manage.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@ The following table shows the supported parameters.
> Classless Inter-Domain Routing (CIDR) notation for IP addresses is not supported.
For more information, see [Microsoft Defender for Endpoint alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).

> [!NOTE]
> Network Indicators 'action' type does not support the use of *BlockAndRemediate*. The Network indicator will not import if it is set to *BlockAndRemediate*.
Watch this video to learn how Microsoft Defender for Endpoint provides multiple ways to add and manage Indicators of compromise (IoCs).
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLVw]
Expand Down

0 comments on commit fc74cd5

Please sign in to comment.