What type of files can you upload to a Watchlist?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: A.
Reference:
In Microsoft Defender for Endpoint, a Watchlist is a collection of indicators that you can monitor for signs of malicious activity. You can upload a list of indicators to a Watchlist so that Defender for Endpoint can continuously monitor those indicators for any signs of compromise.
When it comes to the types of files you can upload to a Watchlist, there are certain requirements and limitations.
According to Microsoft documentation, you can upload a CSV file with a header to a Watchlist. The CSV file should have two columns: one for the indicator type (e.g., IP address, domain name, file hash) and one for the indicator value. The header row should include the column names "IndicatorType" and "IndicatorValue".
For example, if you wanted to create a Watchlist for known malicious IP addresses, your CSV file might look like this:
IndicatorType,IndicatorValue IP address,192.168.0.1 IP address,10.0.0.2 IP address,172.16.0.5
In addition to CSV files with a header, you can also upload .txt files to a Watchlist. However, these files must be formatted in a specific way. Each indicator should be on a separate line, and there should be no header row.
For example, if you wanted to create a Watchlist for known malicious domains, your .txt file might look like this:
malware.com evilcorp.net badware.org
As for the other options listed in the answer choices:
In conclusion, the correct answer to this question is A. You can upload CSV files with a header and .txt files to a Watchlist in Defender for Endpoint.