Defender - Custom Indicators

Christian Davis

August 09, 2025 00:00

When our security team is investigating an alert, our standard process is to identify the source of the malicious activity and create a custom indicator (File Hash, IP Address, URL/Domain, Certificate) in the Defender portal. A major blocker for us is the ability to do this at scale. If we know a particular IP Address is the source of an active malware campaign, why shouldn't we block that IP Address for all of our clients?

The ability to create custom indicators in all of our clients' tenants would be incredibly valuable to us, and I believe Nerdio is well positioned to solve this problem.

Comments (2 comments)

Carl Long

August 09, 2025 11:02

Thank you for submitting your feature request—we truly value input from our community.

Next steps:
• We will review your request and update its status as it progresses through our evaluation process.
• If any clarification is needed, we'll follow up with you directly in the comments.

We also encourage the community to influence our decision through comments, votes, and feedback.

Adam Atwell

August 18, 2025 16:04

Can't wait to see this dream come to life :P! Major value for our team!

Please sign in to leave a comment.