This workflow template, "Initial Microsoft Defender for Endpoint Case Creation," is designed to streamline the incident response process for organizations using Microsoft's EDR solution. The workflow automates the collection of alert details based on an alert ID and maps the pertinent fields into a structured case format using Torq's Field Mapper. Each alert triggers the creation of a case, which speeds up threat identification and subsequent case management by ensuring timely and standardized responses to security alerts. Suitable for security teams focused on Case Management and Endpoint Detection and Response (EDR), this template ensures uniformity and speed in handling Defender for Endpoint alerts within Torq.
Use Cases
Case Management, Endpoint Detection and Response (EDR)
Workflow Breakdown
Fetch Alert ID by machine ID.
Map alert fields to a predefined case layout.
Create a case for each new alert.
Vendors
Utils, Microsoft Defender for Endpoint, Torq Cases