
Workflow Template: Initial MS Defender Incident Case Creation from Data Connector

Natively create Torq Cases from Microsoft Defender XDR incidents via a data connector trigger.

The "Initial MS Defender Incident Case Creation from Data Connector" workflow template is designed to streamline incident management by automatically creating structured Torq Cases from Microsoft Defender XDR incidents. Triggered by new or updated incidents, this workflow maps incident-level fields such as severity, status, and classification to a case, and includes a per-alert summary table with clickable links for detailed investigation. This template enhances case management efficiency by providing a comprehensive view of incidents, facilitating quicker response and resolution.

Trigger

Use Cases

Case Management

Workflow Breakdown

  1. Triggered by the MS Defender Incidents data connector whenever a new or updated incident is received from Microsoft Defender XDR.

  2. Incident-level fields are mapped to the case (severity, status, classification, determination, assigned to, alert count, resolving comment).

  3. Per-alert summary table is included with clickable portal links.
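The three steps above amount to a field-mapping and rendering job. The following is an added example, not Torq's own template logic or the data connector's code: it takes an incident payload shaped after the Microsoft Graph security API property names (`severity`, `status`, `classification`, `determination`, `assignedTo`, `resolvingComment`, `alerts[].alertWebUrl`), and produces the case title, severity, description tables and custom fields described in this template. Two things the code assumes are its own and not documented here: the description is rendered as Markdown tables, and the priority score is an illustrative scheme (severity weight plus one point per alert, capped at 100). Because alert titles and URLs originate from telemetry the attacker can influence (file names, command lines, phishing URLs in alert evidence), the example escapes table cells and only renders a clickable link when the URL points at `security.microsoft.com`; anything else is shown as plain text.

```python
"""Map a Microsoft Defender XDR incident to a case body (added example, not Torq's code)."""
from urllib.parse import urlsplit

# Only links to these hosts are rendered clickable; other URLs are shown as text.
PORTAL_HOSTS = {"security.microsoft.com"}

# Illustrative priority scheme (assumption): severity weight plus one point per alert.
SEVERITY_SCORE = {"high": 80, "medium": 50, "low": 20, "informational": 5, "unknown": 0}

# Incident-level fields mapped into the case, in the order shown in the table.
INCIDENT_FIELDS = (
    ("Severity", "severity"),
    ("Status", "status"),
    ("Classification", "classification"),
    ("Determination", "determination"),
    ("Assigned to", "assignedTo"),
    ("Resolving comment", "resolvingComment"),
)


def md_cell(value):
    """Escape a value for a Markdown table cell; alert titles may carry attacker-controlled text."""
    text = "" if value is None else str(value)
    return (text.replace("\\", "\\\\").replace("|", "\\|").replace("\n", " ")
                .replace("[", "\\[").replace("]", "\\]"))


def portal_link(label, url):
    """Render a clickable link only for an https URL on an allow-listed portal host."""
    try:
        parts = urlsplit(url or "")
    except ValueError:          # malformed URL (e.g. bad IPv6 literal): fall back to text
        return md_cell(label)
    if parts.scheme == "https" and parts.hostname in PORTAL_HOSTS:
        safe_url = url.replace("(", "%28").replace(")", "%29").replace(" ", "%20")
        return f"[{md_cell(label)}]({safe_url})"
    return md_cell(label)


def priority_score(incident):
    """Severity weight plus alert count, capped at 100 (illustrative scheme)."""
    sev = (incident.get("severity") or "unknown").lower()
    return min(100, SEVERITY_SCORE.get(sev, 0) + len(incident.get("alerts", [])))


def incident_table(incident):
    """Incident details table: the mapped incident-level fields plus the alert count."""
    rows = ["| Field | Value |", "| --- | --- |"]
    for label, key in INCIDENT_FIELDS:
        rows.append(f"| {label} | {md_cell(incident.get(key))} |")
    rows.append(f"| Alert count | {len(incident.get('alerts', []))} |")
    return "\n".join(rows)


def alert_table(incident):
    """Per-alert summary table with a portal link per alert (clickable only if allow-listed)."""
    rows = ["| Alert | Severity | Status | Link |", "| --- | --- | --- | --- |"]
    for alert in incident.get("alerts", []):
        rows.append("| {} | {} | {} | {} |".format(
            md_cell(alert.get("title")),
            md_cell(alert.get("severity")),
            md_cell(alert.get("status")),
            portal_link("Open in portal", alert.get("alertWebUrl"))))
    return "\n".join(rows)


def build_case(incident):
    """Assemble the case: title, severity, description tables and the two custom fields."""
    return {
        "title": f"Defender XDR incident {incident['id']}: {incident.get('displayName', '')}",
        "severity": (incident.get("severity") or "unknown").lower(),
        "description": incident_table(incident) + "\n\n" + alert_table(incident),
        "custom_fields": {
            "incident_id": str(incident["id"]),
            "priority_score": priority_score(incident),
        },
    }


# Constructed sample payload, shaped after Microsoft Graph security incident/alert properties.
# The second alert carries a hostile title and a non-portal URL to exercise the escaping.
SAMPLE_INCIDENT = {
    "id": "2972395",
    "displayName": "Multi-stage incident involving Initial access & Credential access",
    "severity": "high",
    "status": "active",
    "classification": "unknown",
    "determination": "unknown",
    "assignedTo": None,
    "resolvingComment": None,
    "alerts": [
        {"id": "da637551227677560813_-961444813", "title": "Suspicious PowerShell command line",
         "severity": "medium", "status": "new",
         "alertWebUrl": "https://security.microsoft.com/alerts/da637551227677560813_-961444813"
                        "?tid=00000000-0000-0000-0000-000000000000"},
        {"id": "da637551227677560813_-1", "title": "Malicious file | [click](https://evil.example)",
         "severity": "high", "status": "new", "alertWebUrl": "https://evil.example/phish"},
    ],
}

if __name__ == "__main__":
    print(build_case(SAMPLE_INCIDENT)["description"])
```

Running the block prints the two tables: the first alert gets a clickable portal link, the second is rendered with its pipe and bracket characters escaped and the `evil.example` URL shown only as text, so the case body cannot be used to smuggle a link to an analyst.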

Vendors

Utils, Torq Cases

Workflow Output

A structured Torq Case is created containing the incident details table, a per-alert summary table with clickable portal links, and custom fields for incident ID and priority score.
