Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will isolate Microsoft Defender for Endpoint MDE device using entity trigger. It will be triggered by Microsoft Sentinel when an entity of type 'Host' is detected in an incident. The playbook retrieves the list of machines from MDE, checks if the entity's hostname exists in that list, and if it does, it isolates the machine and adds a comment to the incident indicating that the host has been successfully isolated. If the hostname does not exist in MDE, it adds a comment indicating
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | MicrosoftDefenderForEndpoint |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊