Send observables to EDR

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Send observables to the EDR security tool.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Intel Library icon.
    3. Go to Observables > All Observables.
    4. Open any observable record.
    5. Select Send to EDR.
      The Send to EDR Implementations modal screen is displayed.
    6. Select the required implementation from the list.
      For example, select the implementation associated with Microsoft Defender EDR.
    7. Click Next.
    8. Select the runtime details, such as the Title and Description of the implementation.
    9. Click Submit.
      The selected action is executed, and an information message states that the Observable Send to EDR execution has started and that the results of this execution will be available under the Activity Stream after the execution is complete.
      Note:
      Once the execution is initiated or completed, a work note is posted on the activity stream of the form view, and you can verify the execution progress there.