Workflow Template: QuickAction - Remediation Menu for MS Defender for Endpoint

Enables a Case Analyst to perform Scan, Isolation and Release from Isolation actions from a single menu triggered by an Interact menu.

Updated over 2 weeks ago

The "QuickAction - Remediation Menu for MS Defender for Endpoint" workflow template is designed to streamline device management for case analysts using Microsoft Defender for Endpoint. It provides a user-friendly interface to quickly execute critical actions such as scanning, isolating, or releasing devices from isolation. This workflow enhances incident response efficiency by allowing analysts to select and perform these actions directly from a menu, ensuring swift remediation and improved security posture.

Use Cases

Case Management

Workflow Breakdown

  1. Presents a menu for the analyst to select a device action: Scan, Isolate, or Release.

  2. Submits the requested action and waits a configurable timeframe for the endpoint response.

Vendors

Utils, Microsoft Defender for Endpoint, Torq Cases
