Unless someone out there can prove me wrong (which I would really like) I have looked around the forums, Internet, API guides, and spoken to a sales partner in the UK.
I have come to the sad conclusion that both ATP and SEPM are unable to Import via the API (or by the looks of it, any means) any of the listed below items from external feeds, Threat Intel Platforms, etc?
- IP Addresses
- File hashes (possibly) – but not of real use to my use case
- Other Indicators of Compromise
Kind of restricts you to Symantec ONLY feeds, no OSINT, or cross platform ingestion of extra inteligence?
This is terrible if this is the case!