Send observables to EDR

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Send observables to the EDR security tool.

    Avant de commencer

    Role required: sn_sec_tisc.analyst

    Procédure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Intel Library icon.
    3. Go to Observables > All Observables.
    4. Open any observable record.
    5. Select Send to EDR.
      The Send to EDR Implementations modal screen is displayed.
    6. Select the required implementation from the list.
      For example, select the implementation associated to Microsoft Defender EDR.
    7. Click Next.
    8. Select the run time details such as the Title and Description of the implementation.
    9. Click Submit.
      The selected action is executed and an information message is displayed that Observable Send to EDR execution has started and the results of this execution will be available under the Activity Stream after the execution is complete.
      Remarque :
      Once the execution is initiated or completed, a work notes is posted on the activity stream of the form view and you can verify the execution progress accordingly.