
Workflow Template: Initial MS Defender Incident Case Creation from DataConnector

Natively create Torq Cases from Microsoft Defender XDR incidents via a data connector trigger.

The "Initial MS Defender Incident Case Creation from DataConnector" workflow template streamlines incident management by automatically creating a structured case in Torq whenever Microsoft Defender XDR reports a new or updated incident. The workflow ingests the incident data, extracts a summary of each alert, and maps the incident-level metadata onto a Torq Case. The resulting case contains a detailed incident table, an alert summary with clickable portal links, and custom fields for the incident ID and priority score, so analysts can triage and respond from a single, consistently structured record.

Trigger

Use Cases

Case Management

Workflow Breakdown

  1. Triggered by the MS Defender Incidents data connector whenever a new or updated incident is received from Microsoft Defender XDR.

  2. Incident-level fields are mapped to the case (severity, status, classification, determination, assigned to, alert count, resolving comment).

  3. A per-alert summary table is added to the case, with a clickable portal link for each alert.
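The field mapping in steps 2 and 3 above, as an added example that is not Torq's or the template's own code: it assumes the incident arrives in the shape of the Microsoft Graph security incident resource (id, severity, status, classification, determination, assignedTo, resolvingComment, alerts[].title/severity/alertWebUrl), it emits a hypothetical case dict rather than calling Torq's case API, and the priority-score formula is an assumed heuristic; the sample incident is constructed.

```python
# Added example (not Torq's code): map a Microsoft Defender XDR incident to a case payload.
# Input field names are assumed to follow the Microsoft Graph security 'incident' resource;
# the output case dict is hypothetical and the priority score formula is an assumed heuristic.
SEVERITY_WEIGHT = {"informational": 1, "low": 2, "medium": 3, "high": 4}

def md_escape(value) -> str:
    """Escape '|' so an attacker-chosen alert title cannot break the Markdown table."""
    return "" if value is None else str(value).replace("|", "\\|")

def priority_score(incident: dict) -> int:
    """Assumed heuristic: 10 x severity weight plus the alert count, capped at 100."""
    weight = SEVERITY_WEIGHT.get(str(incident.get("severity", "")).lower(), 1)
    return min(100, weight * 10 + len(incident.get("alerts", [])))

def incident_table(incident: dict) -> str:
    """Incident-level fields the workflow maps, as a two-column Markdown table."""
    rows = [("Severity", incident.get("severity")), ("Status", incident.get("status")),
            ("Classification", incident.get("classification")),
            ("Determination", incident.get("determination")),
            ("Assigned to", incident.get("assignedTo")),
            ("Alert count", len(incident.get("alerts", []))),
            ("Resolving comment", incident.get("resolvingComment"))]
    return "\n".join(["| Field | Value |", "|---|---|"] +
                     [f"| {k} | {md_escape(v)} |" for k, v in rows])

def alert_table(incident: dict) -> str:
    """Per-alert summary; only https portal URLs are rendered as clickable links."""
    lines = ["| Alert | Severity | Portal |", "|---|---|---|"]
    for a in incident.get("alerts", []):
        url = str(a.get("alertWebUrl") or "")
        link = f"[open]({url})" if url.startswith("https://") else "n/a"
        lines.append(f"| {md_escape(a.get('title'))} | {md_escape(a.get('severity'))} | {link} |")
    return "\n".join(lines)

def build_case(incident: dict) -> dict:
    """Assemble the case: title, description holding both tables, and the two custom fields."""
    return {"title": f"Defender XDR incident {incident['id']}: {incident.get('displayName', '')}",
            "description": incident_table(incident) + "\n\n" + alert_table(incident),
            "custom_fields": {"incident_id": str(incident["id"]),
                              "priority_score": priority_score(incident)}}

# Constructed sample incident (not real tenant data) in the assumed Graph shape.
SAMPLE_INCIDENT = {
    "id": "12345", "displayName": "Multi-stage incident on one endpoint", "severity": "high",
    "status": "active", "classification": "unknown", "determination": "unknown",
    "assignedTo": "soc@example.com", "resolvingComment": None,
    "alerts": [{"title": "Suspicious | PowerShell", "severity": "medium",
                "alertWebUrl": "https://security.microsoft.com/alerts/da1"},
               {"title": "Credential theft attempt", "severity": "high", "alertWebUrl": "not a url"}]}
```

Calling `build_case(SAMPLE_INCIDENT)` yields the description with both tables and the two custom fields; the pipe escaping and the https check keep untrusted alert data from corrupting the rendered case.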

Vendors

Utils, Torq Cases

Workflow Output

A structured Torq Case is created containing the incident details table, a per-alert summary table with clickable portal links, and custom fields for incident ID and priority score.
