
Security incident response (SIR) integration with Defender for Endpoint key features

abhishekRK
Kilo Contributor

We are currently integrating our SIR with SIEM and we would like to utilize Defender for Endpoint key features: Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.

But incidents are generated by SIEM policies, not through Defender. Is it possible to utilize the Defender integration to isolate a host on Defender without even pulling Defender alerts?
