Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template

Executes Live Response commands on an endpoint and collects the results of each command.

Updated over 6 months ago

The "Run LiveResponses on Microsoft Defender for Endpoint" workflow template for Torq allows businesses to automate the rapid response and investigation stage in their endpoint security strategy. By inputting machine ID or DNS name, users can execute custom actions—like getting or putting a file, running a script, or performing a series of these actions sequentially—directly on an endpoint. The workflow waits for a predefined period to confirm successful completion, then collates individual action results into a Torq file. This template is crucial for Endpoint Detection and Response (EDR), enabling teams to swiftly address cyber threats and ensure endpoint security.

Optional Triggers

"This workflow is intended to be used as a function."

Use Cases

Endpoint Detection and Response (EDR), Function

Workflow Breakdown

  1. The workflow takes a machineId or computerDnsName value as input.

  2. It runs a single command (Get a File, Put a File, or Run a Script) or a complete set of commands combining all three actions.

  3. It waits a specified period of time to verify that the action was applied successfully.

  4. It collects the results of each response as a tqfile.

  5. It collects a list of previous LiveResponse actions.
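
As an added illustration of steps 2 to 4 (not part of the Torq template or of Microsoft's code), the following Python example builds a validated Live Response request body and reduces a finished action to one result row per command. The field names (`Commands`, `params`, `commandStatus` and the per-type keys) are assumed from Microsoft's public Live Response API rather than taken from this page, and the script name, path and sample response are constructed.

```python
# Added example. Allowed parameter keys per command type; the first is required.
PARAM_KEYS = {
    "GetFile": ("Path",),
    "PutFile": ("FileName",),
    "RunScript": ("ScriptName", "Args"),
}

def build_request(actions, comment):
    """Turn [(type, {key: value}), ...] into a Live Response request body."""
    if not comment.strip():
        raise ValueError("a comment is required so the action is auditable")
    commands = []
    for cmd_type, params in actions:
        allowed = PARAM_KEYS.get(cmd_type)
        if allowed is None:
            raise ValueError(f"unsupported command type: {cmd_type!r}")
        if allowed[0] not in params or set(params) - set(allowed):
            raise ValueError(f"{cmd_type} needs {allowed[0]!r}; allowed keys: {allowed}")
        commands.append({
            "type": cmd_type,
            "params": [{"key": k, "value": params[k]} for k in allowed if k in params],
        })
    return {"Commands": commands, "Comment": comment}

def summarize(action):
    """Collapse a finished machine action into one row per command, in run order."""
    rows = [
        {"index": c["index"], "type": c["command"]["type"],
         "status": c["commandStatus"], "errors": c.get("errors", [])}
        for c in sorted(action["commands"], key=lambda c: c["index"])
    ]
    ok = action["status"] == "Succeeded" and all(r["status"] == "Completed" for r in rows)
    return {"action_id": action["id"], "status": action["status"], "ok": ok, "commands": rows}

# Constructed sample response: the script ran, the file collection failed.
SAMPLE_ACTION = {
    "id": "00000000-0000-0000-0000-000000000000", "type": "LiveResponse", "status": "Failed",
    "commands": [
        {"index": 1, "commandStatus": "Failed", "errors": ["File not found"],
         "command": {"type": "GetFile", "params": [{"key": "Path", "value": "C:\\Temp\\out.zip"}]}},
        {"index": 0, "commandStatus": "Completed", "errors": [],
         "command": {"type": "RunScript", "params": [{"key": "ScriptName", "value": "collect.ps1"}]}},
    ],
}

if __name__ == "__main__":
    body = build_request([("RunScript", {"ScriptName": "collect.ps1"}),
                          ("GetFile", {"Path": "C:\\Temp\\out.zip"})], "IR case (constructed)")
    print(body, summarize(SAMPLE_ACTION), sep="\n")
```

Rejecting unknown command types and parameter keys before the request is sent keeps a malformed workflow input from reaching the endpoint, and the per-command rows show which step of a sequence failed when the overall action does not succeed.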

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

The summary includes the executed command along with its results as a file.
