Security Incident Response (SIR) integration with Defender for Endpoint key features
06-25-2024 04:56 PM
We are currently integrating our SIR with SIEM and we would like to utilize Defender for Endpoint key features: Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.
But incidents are generated by SIEM policies and not through Defender. Is it possible to utilize the Defender integration to isolate a host on Defender without even pulling Defender alerts?