Configure Get Related Machines from Defender Capability in Microsoft Defender for Endpoint
Release version: Australia
Updated: March 12, 2026
Time required: 2 minutes
Get the list of related machines of specific observables.
Before you begin
Note: Supported observable types are Domain name, SHA1 hash, and Username.
Role required: sn_si.admin or sn_si.analyst
About this task
You can retrieve the list of machines that have accessed particular observables and store that list in the Microsoft Defender for Endpoint Related Machines Details table. You trigger the Get Related Machines from Defender capability from the Associated Observables related list.
Procedure
Navigate to Security Incidents > Show All Incidents.
Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
Figure 1. Get Related Machines from Defender
In the Related links section, click Show IoC.
Click the Associated Observables related list.
Select the associated observables.
From the Actions list, select the Get Related Machines from Defender capability.
Validate the automation activity and activities section.
View the data, and validate the Microsoft Defender for Endpoint Related Machines details on the related lists.
View the automation activities of the execution, and validate them.