The "Run LiveResponses on Microsoft Defender for Endpoint" workflow template for Torq allows businesses to automate the rapid response and investigation stage in their endpoint security strategy. By inputting machine ID or DNS name, users can execute custom actions—like getting or putting a file, running a script, or performing a series of these actions sequentially—directly on an endpoint. The workflow waits for a predefined period to confirm successful completion, then collates individual action results into a Torq file. This template is crucial for Endpoint Detection and Response (EDR), enabling teams to swiftly address cyber threats and ensure endpoint security.
Optional Triggers
"This workflows is intended to be used as a function."
Use Cases
Endpoint Detection and Response (EDR) ,Function
Workflow Breakdown
Workflow takes as an input machineId or computerDnsName values.
Run a single command such as Get a File, Put a File and Run a script or a complete set of commands with all three mentioned actions.
Workflow will wait a specified period of time to verify the action is successfully applied.
Collect results of each response as a tqfile.
Collects a list of LiveResponse previous actions.
Vendors
Utils, Microsoft Defender for Endpoint
Workflow Output
Summary includes the executed command along with its results as a file