Windows Defender: Import Indicators from TruSTAR
This script extracts Indicators from TruSTAR and imports them into Windows Defender ATP.
Activating the Script
- Create an AD App in the Azure portal.
- Assign the Ti.ReadWrite.All permission to the App.
- Create an App Secret for the newly registered App.
- Contact your TruSTAR account manager with the following information:
  - Source enclave IDs
  - App ID
  - App Secret
  - Tenant ID
How It Works
- Searches for all Indicators from the specified source enclaves once every 24 hours.
- Converts TruSTAR Indicators into Defender Indicators.
- Divides the Defender Indicators into batches of 500 and uploads each batch separately to Defender ATP.
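The convert-and-batch steps above, sketched as an added example that is not the script's own code. The TruSTAR field names (`indicatorType`, `value`), the type mapping, the `Alert` action and `Medium` severity are assumptions; only the batch size of 500 comes from this page.

```python
# Added example, not the script's own code. TruSTAR field names, the type
# mapping, action and severity are assumptions; the batch size is from the page.
BATCH_SIZE = 500

# Assumed TruSTAR type -> Defender indicatorType mapping. Types with no
# Defender equivalent (e.g. EMAIL_ADDRESS, CVE) are dropped, not coerced.
TYPE_MAP = {"IP": "IpAddress", "URL": "Url", "MD5": "FileMd5",
            "SHA1": "FileSha1", "SHA256": "FileSha256"}

def to_defender(ind, action="Alert", severity="Medium"):
    """Convert one TruSTAR indicator dict to a Defender indicator, or None."""
    d_type = TYPE_MAP.get(ind.get("indicatorType"))
    value = (ind.get("value") or "").strip()
    if d_type is None or not value:
        return None
    if d_type.startswith("File"):
        value = value.lower()  # normalise hashes so case variants de-duplicate
    return {"indicatorValue": value, "indicatorType": d_type,
            "action": action, "severity": severity,
            "title": f"TruSTAR {ind['indicatorType']} indicator",
            "description": "Imported from TruSTAR enclave search"}

def build_batches(trustar_indicators, batch_size=BATCH_SIZE):
    """Convert, de-duplicate, and split into bodies of at most batch_size."""
    seen, converted = set(), []
    for ind in trustar_indicators:
        d = to_defender(ind)
        if d is None:
            continue
        key = (d["indicatorType"], d["indicatorValue"])
        if key not in seen:
            seen.add(key)
            converted.append(d)
    # One {"Indicators": [...]} body per upload request.
    return [{"Indicators": converted[i:i + batch_size]}
            for i in range(0, len(converted), batch_size)]

def sample_indicators():
    """Constructed sample: 1200 unique IPs, one hash in two cases, one email."""
    inds = [{"indicatorType": "IP", "value": f"10.{i // 256}.{i % 256}.1"}
            for i in range(1200)]
    inds += [{"indicatorType": "SHA256", "value": "A" * 64},
             {"indicatorType": "SHA256", "value": "a" * 64},
             {"indicatorType": "EMAIL_ADDRESS", "value": "user@example.com"}]
    return inds

if __name__ == "__main__":
    for n, body in enumerate(build_batches(sample_indicators()), 1):
        print(f"batch {n}: {len(body['Indicators'])} indicators")
```

Token acquisition and the upload call are left out so the example runs offline; each returned body corresponds to one separate upload.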
For any issues or questions about this script, please contact firstname.lastname@example.org