Microsoft Defender for Endpoint integration
- Updated Jul 31, 2025
- 2 minutes to read
- Zurich
- Security Incident Response integrations
Microsoft Defender for Endpoint enables you to proactively inspect, analyze, and contain known and unknown threats on any endpoint.
The Microsoft Defender for Endpoint integration helps Security Analysts efficiently investigate and remediate security incidents without having to navigate between tools.
You can use this integration to create configurations that retrieve host details, details of logged-in users, details of related machines, and other enrichment data. You can also request that a machine be isolated from the network or removed from isolation; approvers can accept or reject these requests.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Key features
- Perform Enterprise Security Search to find potentially malicious observables across endpoints, and take remediation actions.
- Perform response actions such as Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.
- Create or update indicators.
- Perform observable enrichment and retrieve data related to indicators.