This workflow template empowers security analysts to quickly initiate a comprehensive malware scan on a remote device using Microsoft Defender for Endpoint, directly from an incident case. The process begins when an analyst executes a Quick Action button, instantly triggering the scan. The workflow then awaits confirmation that the scan was completed successfully before documenting the action's results in the case notes. Essential for accurate case management and expedited endpoint detection and response, this workflow facilitates prompt malware assessments, critical in maintaining an organization's cybersecurity posture.
Use Cases
Case Management , Endpoint Detection and Response (EDR)
Workflow Breakdown
Runs in response of a Quick Action execution.
Starts a full malware scan on the remote device.
Waits for the host to be contacted and confirm that the action has finished successfully.
Add a note to the case with the result of the action.
Vendors
Utils, Microsoft Defender for Endpoint, Torq Cases