Workflow Template: QuickAction - Scan Device on MS Defender for Endpoint

Start a full malware scan on a remote device when a quick action button is pressed.

Updated yesterday

The "QuickAction - Scan Device on MS Defender for Endpoint" workflow template is designed to enhance incident response efficiency by automating malware scans on remote devices. Triggered by a Quick Action, it initiates a comprehensive malware scan using Microsoft Defender for Endpoint, ensuring swift threat detection and mitigation. The workflow also updates the case with scan results, streamlining case management and bolstering endpoint detection and response (EDR) capabilities.

Use Cases

Case Management, Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Runs in response to a Quick Action execution.

  2. Starts a full malware scan on the remote device.

  3. Waits for the host to be contacted and confirm that the action has finished successfully.

  4. Adds a note to the case with the result of the action.
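
Steps 2 to 4 sketched against the Defender for Endpoint machine-action API, as an added example (not Torq's template code). The `call` transport, `fake_transport`, the `NoResultWithinDeadline` label and the device and action ids are assumptions constructed for illustration; authentication is left to the transport.

```python
import time

# Terminal states of a Defender for Endpoint machine action.
TERMINAL = {"Succeeded", "Failed", "TimeOut", "Cancelled"}

def scan_and_report(call, machine_id, comment, poll_s=30, max_polls=120,
                    sleep=time.sleep):
    """Start a full AV scan, wait for a terminal status, return the case-note text.

    `call(method, path, body)` is a hypothetical transport that sends an
    authenticated request to the Defender for Endpoint API and returns parsed JSON.
    """
    action = call("POST", f"/api/machines/{machine_id}/runAntiVirusScan",
                  {"Comment": comment, "ScanType": "Full"})
    action_id = action["id"]
    status = action.get("status", "Pending")
    polls = 0
    while status not in TERMINAL and polls < max_polls:
        sleep(poll_s)
        reply = call("GET", f"/api/machineactions/{action_id}", None)
        status = reply.get("status", "Pending")
        polls += 1
    if status not in TERMINAL:
        # Host never checked in: report that explicitly instead of implying success.
        status = "NoResultWithinDeadline"
    return f"Full scan on {machine_id} (action {action_id}): {status}"

def fake_transport(statuses):
    """Constructed stand-in for the API: replays `statuses` on successive GETs."""
    replies = iter(statuses)
    def call(method, path, body):
        if method == "POST":
            return {"id": "action-0001", "type": "RunAntiVirusScan",
                    "status": "Pending"}
        return {"id": "action-0001", "status": next(replies, "InProgress")}
    return call

if __name__ == "__main__":
    # Constructed run: the device answers on the second poll.
    print(scan_and_report(fake_transport(["InProgress", "Succeeded"]),
                          "device-constructed-01", "Quick Action scan",
                          sleep=lambda s: None))
```

A `Succeeded` status means the scan action completed on the device; it does not by itself say whether malware was found.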

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases