[Microsoft Defender] Enhance the connector i.e. select which incidents to ingest
Use case
As an analyst, I want to select which MS Defender incidents I send to OpenCTI based on the filters I have established in Defender's GUI.
Current Workaround
N/A
Proposed Solution
Add the filter URL to the connector's parameters.
Additional Information
Adding to this, there can be a confidentiality requirement to this filtering requirement. If every incident is sent from Defender to OpenCTI, this could include events that are restricted to certain participants, but the connector would bring all incidents into OpenCTI to be visible to OpenCTI analysts.