
Workflow Template: Initial Microsoft Defender for Endpoint Case Creation

Fetch alert details by supplying an alert id and create a case using the field mapping nested workflow.

Updated yesterday

The "Initial Microsoft Defender for Endpoint Case Creation" workflow template streamlines the process of managing security alerts by automating case creation. It fetches alert details using a specified alert ID, maps alert fields to a predefined case layout, and generates a case for each new alert. This workflow is essential for businesses utilizing Microsoft Defender for Endpoint, enhancing their case management and endpoint detection and response (EDR) capabilities.

Use Cases

Case Management, Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Fetch alert ID by machine ID.

  2. Map alert fields to a predefined case layout.

  3. Create a case for each new alert.

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases
