QuickAction - Scan Device on MS Defender for Endpoint - Workflow Template

Start a full malware scan on a remote device in response to a Quick Action button.

This workflow template empowers security analysts to quickly initiate a comprehensive malware scan on a remote device using Microsoft Defender for Endpoint, directly from an incident case. The process begins when an analyst executes a Quick Action button, instantly triggering the scan. The workflow then awaits confirmation that the scan was completed successfully before documenting the action's results in the case notes. Essential for accurate case management and expedited endpoint detection and response, this workflow facilitates prompt malware assessments, critical in maintaining an organization's cybersecurity posture.

Use Cases

Case Management, Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Runs in response to a Quick Action execution.

  2. Starts a full malware scan on the remote device.

  3. Waits for the host to be contacted and confirm that the action has finished successfully.

  4. Adds a note to the case with the result of the action.
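
The same start, wait, and document sequence sketched against the Microsoft Defender for Endpoint machine-actions API, as an added example that is not Torq's template code. The `http` transport, the base URL, the polling limits, and the note wording are assumptions; the fake transport and its device and action IDs are constructed so the block runs offline.

```python
import time

# Assumed base URL; use the Defender for Endpoint API host for your tenant.
API = "https://api.securitycenter.microsoft.com/api"
# Machine-action states after which polling should stop.
TERMINAL = {"Succeeded", "Failed", "TimeOut", "Cancelled"}

def scan_and_wait(http, machine_id, comment, poll_seconds=30, max_polls=40,
                  sleep=time.sleep):
    """Start a full AV scan and poll the machine action until it settles.

    http(method, url, body) -> dict is a hypothetical injected transport that
    attaches the bearer token and returns the parsed JSON response.
    """
    action = http("POST", f"{API}/machines/{machine_id}/runAntiVirusScan",
                  {"Comment": comment, "ScanType": "Full"})
    for _ in range(max_polls):
        if action["status"] in TERMINAL:
            break
        sleep(poll_seconds)  # the device must check in before the state changes
        action = http("GET", f"{API}/machineactions/{action['id']}", None)
    return action

def case_note(machine_id, action):
    """Build the case note text, separating success, failure and 'gave up'."""
    status = action["status"]
    if status == "Succeeded":
        outcome = "completed successfully"
    elif status in TERMINAL:
        outcome = f"did not complete (status: {status})"
    else:
        outcome = f"was still {status} when polling stopped; verify manually"
    return (f"Full malware scan on device {machine_id} {outcome}. "
            f"Machine action id: {action['id']}.")

def fake_http_factory(statuses):
    """Constructed stand-in for the API: returns the given statuses in order."""
    remaining = iter(statuses)
    calls = []
    def http(method, url, body):
        calls.append((method, url, body))
        return {"id": "action-0001", "status": next(remaining)}
    return http, calls
```

Bounding the poll loop matters because an offline device leaves the action pending; the note then records that the scan was not confirmed rather than implying it succeeded.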

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases