Cyware Situational Awareness Platform

Attach TDL Content

Threat Defender Library (TDL) stores information and files used in threat detection, threat hunting, and threat defense. The unique content stored in TDL adds value to existing threat hunting and threat detection workflows, helping members proactively defend against organization-specific threats.

For example, if a ransomware threat has identified malicious code, you can attach a specific rule (YARA, SIEM, or other supported rules) that applies to that malicious code. This helps analysts detect or respond to the ransomware. In this case, members can use the attached content from TDL to defend against the ransomware threat. For more information about Threat Defender Library, see Threat Defender Library.

Before you Start

Upload files to the Threat Defender Library so that they are available while creating alerts.

Steps

To attach TDL content to alerts, do the following:

  1. In the alert creation form, click Threat Defender Library to attach content from TDL.

  2. Click Browse and select the required TDL content from the list.

  3. After attaching content from TDL, click Next. The next step is to finish alert creation. For more information, see Finish Alert Creation.