Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise EDR platform that provides threat detection, investigation, and automated response capabilities across Windows, macOS, Linux, iOS, and Android devices for comprehensive endpoint security

Category: EDR
Homepage: https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint
Tags: edr, endpoint-protection, threat-detection, automated-response, incident-response, microsoft

Subscription Information

Registration Required: Yes
Subscription Required: Yes
Free Subscription Available: No

Responders (8)

MSDefender-FullVirusscan `v1.0`

Run full virus scan to machine with Microsoft Defender for Endpoints

Author: Keijo Korte
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_VirusScan.json (raw)

MSDefender-UnRestrictAppExecution `v1.0`

Enable execution of any application on the device

Author: Keijo Korte, Louis-Maximilien Dupouy
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_UnRestrictAppExecution.json (raw)

MSDefender-RestrictAppExecution `v1.0`

Restrict execution of all applications on the device except a predefined set

Author: Keijo Korte, Louis-Maximilien Dupouy
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_RestrictAppExecution.json (raw)

MSDefender-AutoInvestigation `v1.0`

Start an automated investigation on a device

Author: Keijo Korte, Louis-Maximilien Dupouy
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_AutoInvestigation.json (raw)

MSDefender-PushIOC-Alert `v2.0`

Push IOC to Defender client. Alert mode

Author: Keijo Korte, Louis-Maximilien Dupouy
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_PushIOCAlert.json (raw)

MSDefender-IsolateMachine `v1.0`

Isolate machine with Microsoft Defender for Endpoints

Author: Keijo Korte
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_Isolate.json (raw)

MSDefender-PushIOC-Block `v2.0`

Push IOC to Defender client. Blocking mode

Author: Keijo Korte, Louis-Maximilien Dupouy
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_PushIOCBlock.json (raw)

MSDefender-UnisolateMachine `v1.0`

Unisolate machine with Microsoft Defender for Endpoints

Author: Keijo Korte
License: AGPL-V3
Data Types: thehive:case_artifact
Configuration: .upstream/cortex/responders/MSDefenderEndpoints/MSDefenderEndpoints_Unisolate.json (raw)

Statistics

Total Analyzers: 0
Total Responders: 8
Total Functions: 0
Total External Integrations: 0
Total Integrations: 8

This file is auto-generated from the integration manifest. Do not edit manually.

Microsoft Defender for Endpoint

Subscription Information​

Responders (8)​

MSDefender-FullVirusscan v1.0​

MSDefender-UnRestrictAppExecution v1.0​

MSDefender-RestrictAppExecution v1.0​

MSDefender-AutoInvestigation v1.0​

MSDefender-PushIOC-Alert v2.0​

MSDefender-IsolateMachine v1.0​

MSDefender-PushIOC-Block v2.0​

MSDefender-UnisolateMachine v1.0​

Statistics​