No matter how hard I try, I cannot get the Microsoft Defender Indicator API https://api.securitycenter.microsoft.com/api/indicators/import to import IOCs with the Generate alert flag off.
I have tried the below to no avail:
- generateAlert: “false”
- generateAlert: false <- this is the format the API uses when it exports IOCs, so should be correct
- generateAlert: “FALSE”
- generateAlert: FALSE
But every time it shows with the Generate alert checkbox ticked as per below
Example JSON API request body.
{
"indicatorValue": "8.8.8.8",
"indicatorType": "ipAddress",
"title": "Test event",
"application": "Defender",
"generateAlert": false,
"action": "AlertAndBlock",
"description": "Test event"
}
Has anyone managed to import indicators via the API, and if so how?