Getting Started - Microsoft Defender for Endpoint

Introduction
This integration with Microsoft Defender for Endpoint has two components: Block IPs and Domains on Microsoft Defender for Endpoint with Recorded Future, and the Command and Control Security Control Feed.

Prerequisites

  1. Recorded Future API Token
    • Specifically, a Recorded Future for Microsoft Sentinel API token
  2. The following Azure roles and permissions will be needed at various stages of installation:
    1. Security Administrator (Azure AD directory role, not the Azure RBAC role)
    2. Global Administrator
    3. Logic App Contributor
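Because Security Administrator and Global Administrator are Azure AD directory roles while Logic App Contributor is an Azure RBAC role, they live in two different systems and have to be checked separately. The following PowerShell script is an added example, not part of the Recorded Future documentation: it reports which of the three prerequisites the installing account currently holds. It assumes the Az.Resources and Microsoft.Graph.Users modules are installed, that `Connect-AzAccount` and `Connect-MgGraph -Scopes "Directory.Read.All"` have already been run, and `$Upn` is a placeholder for the installer's sign-in name.

```powershell
# Added prerequisite check (not part of the Recorded Future documentation).
# Assumes the Az.Resources and Microsoft.Graph.Users modules are installed and
# that Connect-AzAccount and Connect-MgGraph -Scopes "Directory.Read.All"
# have already been run. $Upn is a placeholder for the installing user.
$Upn = "installer@contoso.example"   # placeholder, replace with the real UPN

# Azure RBAC role: Logic App Contributor is assigned at a subscription or
# resource-group scope, so it is visible through Get-AzRoleAssignment.
$logicAppRole = Get-AzRoleAssignment -SignInName $Upn -RoleDefinitionName "Logic App Contributor"

# Directory roles: Security Administrator and Global Administrator are Azure AD
# directory roles, not Azure RBAC roles, so Get-AzRoleAssignment never lists
# them. Read the user's memberships from Microsoft Graph and keep only the
# objects whose type is directoryRole (groups are filtered out).
$directoryRoles = Get-MgUserMemberOf -UserId $Upn -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['displayName'] }

$required = @("Security Administrator", "Global Administrator")
foreach ($role in $required) {
    if ($directoryRoles -contains $role) {
        Write-Host "OK       directory role: $role"
    } else {
        Write-Host "MISSING  directory role: $role"
    }
}

if ($logicAppRole) {
    $scopes = ($logicAppRole | ForEach-Object { $_.Scope }) -join ', '
    Write-Host "OK       RBAC role: Logic App Contributor at $scopes"
} else {
    Write-Host "MISSING  RBAC role: Logic App Contributor"
}
```

Directory roles granted through Privileged Identity Management are returned by Graph only while they are activated, so an eligible but not yet activated assignment is reported as MISSING; activate it before running the installation steps. For the RBAC check, confirm that the reported scope covers the resource group into which the playbooks will be deployed.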

Installation
Component - Block IPs and Domains

1. Deploy the RecordedFuture-ImportToDefenderEndpoint playbook template

[Deploy buttons: Azure, AzureGov]

2. Deploy the RecordedFuture-TIforDefenderEndpoint playbook template

[Deploy buttons: Azure, AzureGov]

Component - Command and Control Security Control Feed

1. Deploy the RecordedFuture_IP_SCF_ImportToDefenderATP playbook template

[Deploy buttons: Azure, AzureGov]

2. Deploy the RecordedFuture_IP_SCF_IndicatorProcessor playbook template

[Deploy buttons: Azure, AzureGov]

Support
Please reach out to Recorded Future support at support@recordedfuture.com for any queries and assistance needed during the installation.
