Skip to main content

Initial Microsoft Defender for Endpoint Case Creation - Workflow Template

Fetch Alert Details by supplying an alert id and create a case using a Field Mapper

Updated over 3 weeks ago

This workflow template, "Initial Microsoft Defender for Endpoint Case Creation," is designed to streamline the incident response process for organizations utilizing Microsoft's EDR solution. The workflow automates the collection of alert details based on an alert ID and maps pertinent fields into a structured case format using Torq’s Field Mapper. Each alert triggers a case creation, enhancing efficiency in threat identification and subsequent case management by ensuring timely and standardized responses to security alerts. Suitable for security teams focused on Case Management and Endpoint Detection and Response (EDR), this template ensures uniformity and speed in handling Defender for Endpoint alerts within Torq.

Take Me to the Template

Use Cases

Case Management , Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Fetch Alert ID by machine ID.

  2. Map alert fields to a predefined case layout.

  3. Create a case for each new alert.

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases

Related Articles
Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template
QuickAction - Isolate or Release a Device on MS Defender Endpoint - Workflow Template
Poll for New Microsoft Defender for Endpoint Events for Cases - Workflow Template
Initial Intezer Case Creation - Workflow Template
Create Case from Microsoft Sentinel Incident - Workflow Template
Did this answer your question?