Initial Microsoft Defender for Endpoint Case Creation - Workflow Template

Fetch Alert Details by supplying an alert id and create a case using a Field Mapper

Updated this week

This workflow template, "Initial Microsoft Defender for Endpoint Case Creation," streamlines incident response for organizations using Microsoft's EDR solution. Given an alert ID, the workflow automatically collects the alert's details and maps the pertinent fields into a structured case using Torq's Field Mapper. Each alert results in a new case, so responses to security alerts are timely and standardized and later case management is faster. Suitable for security teams focused on Case Management and Endpoint Detection and Response (EDR), this template gives uniform, fast handling of Defender for Endpoint alerts within Torq.

Use Cases

Case Management, Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Fetch Alert ID by machine ID.

  2. Map alert fields to a predefined case layout.

  3. Create a case for each new alert.

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases