IBM QRadar SOAR

  • 1.  Blocking Mail Sender ID in O365 Defender Block List

    Posted Fri August 02, 2024 03:19 AM
    Edited by Veer Singh Fri August 02, 2024 03:23 AM

    Hi Everyone,

    Need your expert advice on blocking a phishing mail sender ID in the Defender portal block list.

    To achieve this, we have created a playbook for phishing mail, and as a result we want to block the sender mail ID in the Defender allow/block list. We have integrated Defender using the Defender application from App Exchange, but we are not able to achieve this, as we could not find any function related to blocking sender mail ID, file hash, or file name in the Defender allow/block list.

    From somewhere we got information that Defender accepts blocking using a PowerShell script, not through the API. Is that correct?

    Could anyone help us achieve this using a SOAR playbook, or do we have any other way of achieving the same?

    Thanks in advance!

    Regards,

    ------------------------------
    Veer Singh
    ------------------------------



  • 2.  RE: Blocking Mail Sender ID in O365 Defender Block List

    Posted Wed August 07, 2024 03:35 AM

    It looks like this API call can achieve your goal, but it's still in beta.


    https://learn.microsoft.com/en-us/graph/api/resources/security-tenantalloworblocklistaction?view=graph-rest-beta



    ------------------------------
    Allen Lee
    ------------------------------
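
The PowerShell route asked about in the first post, as an added example that is not part of the thread or of the SOAR Defender app: Exchange Online PowerShell's `New-TenantAllowBlockListItems` cmdlet adds sender entries to the Tenant Allow/Block List. The function name, its parameters and the default note are assumptions, and it expects a session already opened with `Connect-ExchangeOnline` (ExchangeOnlineManagement module) under an account allowed to manage the list.

```powershell
# Added example. Block-PhishingSender is a hypothetical helper, not a Microsoft or IBM function.
# Prerequisite: Connect-ExchangeOnline has already been run in this session.
function Block-PhishingSender {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Sender addresses or bare domains extracted by the playbook
        [Parameter(Mandatory)][string[]]$Sender,
        # Block lifetime in days; capped at 90 here so entries age out instead of piling up
        [ValidateRange(1, 90)][int]$Days = 30,
        # Free-text note stored with the entry (constructed default)
        [string]$Notes = 'Blocked by phishing playbook'
    )

    foreach ($raw in $Sender) {
        $addr = $raw.Trim().ToLowerInvariant()

        # Accept only user@domain or a bare domain; artifact fields from a
        # phishing mail are attacker-controlled, so reject anything else.
        if ($addr -notmatch '^([a-z0-9._%+-]+@)?[a-z0-9-]+(\.[a-z0-9-]+)+$') {
            Write-Warning "Skipping malformed sender entry: $raw"
            continue
        }

        # An existing entry (allow or block) is reported for analyst review
        # rather than duplicated or silently contradicted.
        $existing = Get-TenantAllowBlockListItems -ListType Sender -Entry $addr -ErrorAction SilentlyContinue
        if ($existing) {
            Write-Warning "Entry already present for $addr; leaving it unchanged."
            $existing
            continue
        }

        # -WhatIf / -Confirm are honoured, so the playbook can dry-run first.
        if ($PSCmdlet.ShouldProcess($addr, 'Add sender block entry')) {
            New-TenantAllowBlockListItems -ListType Sender -Block -Entries $addr `
                -ExpirationDate (Get-Date).ToUniversalTime().AddDays($Days) `
                -Notes $Notes
        }
    }
}
```

The same cmdlet takes `-ListType FileHash` for the file-hash case raised in the question; running the function with `-WhatIf` first shows which entries would be created without changing the list.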