topic How to block outgoing traffic with the SOAR app for Microsoft Defender for Endpoint in Splunk SOAR https://community.splunk.com/t5/Splunk-SOAR/How-to-block-outgoing-traffic-with-the-SOAR-app-for-Microsoft/m-p/745633#M1714 <P>We're looking to block outgoing traffic from a specific client or group, using the Microsoft Defender for Endpoint-app.</P><P>If we were to implement this ourselves using the MS api, it would be something like:<BR /><BR /></P><LI-CODE lang="markup">POST https://api.securitycenter.microsoft.com/api/machines/{machineId}/restrict Authorization: Bearer {your_access_token} Content-Type: application/json { "action": "Block", "destination": "IP_ADDRESS_OR_DOMAIN", "protocol": "TCP", "port": "443" }</LI-CODE><P><BR />However, I haven't been able to find a corresponding call in the app source code. Am I missing something, or isn't this currently supported?</P> Wed, 07 May 2025 07:40:09 GMT 1var 2025-05-07T07:40:09Z How to block outgoing traffic with the SOAR app for Microsoft Defender for Endpoint https://community.splunk.com/t5/Splunk-SOAR/How-to-block-outgoing-traffic-with-the-SOAR-app-for-Microsoft/m-p/745633#M1714 <P>We're looking to block outgoing traffic from a specific client or group, using the Microsoft Defender for Endpoint-app.</P><P>If we were to implement this ourselves using the MS api, it would be something like:<BR /><BR /></P><LI-CODE lang="markup">POST https://api.securitycenter.microsoft.com/api/machines/{machineId}/restrict Authorization: Bearer {your_access_token} Content-Type: application/json { "action": "Block", "destination": "IP_ADDRESS_OR_DOMAIN", "protocol": "TCP", "port": "443" }</LI-CODE><P><BR />However, I haven't been able to find a corresponding call in the app source code. Am I missing something, or isn't this currently supported?</P> Wed, 07 May 2025 07:40:09 GMT https://community.splunk.com/t5/Splunk-SOAR/How-to-block-outgoing-traffic-with-the-SOAR-app-for-Microsoft/m-p/745633#M1714 1var 2025-05-07T07:40:09Z Re: How to block outgoing traffic with the SOAR app for Microsoft Defender for Endpoint https://community.splunk.com/t5/Splunk-SOAR/How-to-block-outgoing-traffic-with-the-SOAR-app-for-Microsoft/m-p/745639#M1715 <P>It looks as if the app-functions "Submit indicator" will be able to solve this for us:&nbsp;<BR /><BR /></P><LI-CODE lang="markup">{ "indicatorValue": "9.9.9.9", "indicatorType": "IpAddress", "action": "Block", "title": "Block outbound traffic to 9.9.9.9", "description": "Referanse: JIRA-XYZ", "generateAlert": true }</LI-CODE> Wed, 07 May 2025 08:32:46 GMT https://community.splunk.com/t5/Splunk-SOAR/How-to-block-outgoing-traffic-with-the-SOAR-app-for-Microsoft/m-p/745639#M1715 1var 2025-05-07T08:32:46Z